Hello,

I’ve what feels like a very simple problem, but that I cannot get to work.
I’ve two backends, and I wish to route HTTPS traffic to them based on the original source request, without SSL offloading. I ran across
http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
which appears to be a very simple pattern to follow.

However, no matter what I do, I can’t seem to make it work.

My haproxy.cfg: 
https://gist.github.com/oli-logicnow/08a6e05fe6943e30cd9e26d20fa4d5be
HA-Proxy version 1.6.4 2016/03/13

If I include the default_backend then everything flows to it.
If I test either backend without including the ACL-based stuff they work fine.
If I uncomment the “download” sections it makes no difference (the version I’ve linked to was trying to minimise the amount of config included).

I’ve sanitised the URLs, but kept the same structure in case the slightly unusual 3-domain-deep api.test.example.com was a problem.

When I curl the endpoints from my machine what gets logged isn’t giving me any clues.

16:40 $ curl -I https://downloads.example.com/real-file.zip
curl: (35) Server aborted the SSL handshake

16:40 $ curl -I https://api.test.example.com
curl: (35) Server aborted the SSL handshake

Nov 21 16:40:24 localhost haproxy[4541]: 77.95.34.246:52271 [21/Nov/2016:16:40:24.147] ssl_relay ssl_relay/<NOSRV> -1/-1/0 0 SC 0/0/0/0/0 0/0
Nov 21 16:40:26 localhost haproxy[4541]: 77.95.34.246:52274 [21/Nov/2016:16:40:26.600] ssl_relay ssl_relay/<NOSRV> -1/-1/0 0 SC 0/0/0/0/0 0/0

It feels like the req_ssl_sni entries are not matching and thus HAProxy has nowhere to route the traffic.

All help gratefully received,


Oli
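For reference, the following is an added example of the SNI pass-through pattern from the linked blog post, written for this thread and not taken from Oli's gist. It assumes the two sanitised hostnames from the post and made-up backend addresses (10.0.0.11 and 10.0.0.12). In TCP mode the ACLs are evaluated as soon as the connection is accepted, before any bytes have arrived, so `req_ssl_sni` sees an empty buffer unless the frontend first waits for the ClientHello; the `tcp-request inspect-delay` and `tcp-request content accept` lines are the part of the pattern that does that, and a `<NOSRV>` / `SC` log entry is what HAProxy records when no backend was selected for a connection.

```haproxy
frontend ssl_relay
    bind *:443
    mode tcp
    option tcplog

    # Hold the connection (up to 5s) until a TLS ClientHello (hello type 1)
    # has been buffered. Without these two lines the ACLs below are evaluated
    # against an empty buffer and req_ssl_sni never matches.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Route on the SNI hostname sent by the client (case-insensitive).
    # Hostnames are the sanitised ones from the post; -i avoids case mismatches.
    acl is_downloads req_ssl_sni -i downloads.example.com
    acl is_api       req_ssl_sni -i api.test.example.com

    use_backend bk_downloads if is_downloads
    use_backend bk_api       if is_api
    # No default_backend on purpose: a connection with an unknown or missing
    # SNI is refused instead of being silently sent to one of the backends.

backend bk_downloads
    mode tcp
    # Pass-through: no "ssl" keyword and no certificate on the proxy, the
    # TLS session terminates on the backend. Address is a placeholder.
    server downloads1 10.0.0.11:443 check

backend bk_api
    mode tcp
    # Placeholder address.
    server api1 10.0.0.12:443 check
```

Because the backends are in `mode tcp` with no `ssl` on the `server` lines, HAProxy never sees the plaintext, which is the "without SSL offloading" behaviour the post asks for. A client that does not send SNI at all (older tooling, or a connection by IP address) matches neither ACL and is refused, so check for that case in the logs before assuming the ACLs themselves are wrong.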