Chad,

This is great. I now have to figure out how to automate it.

many thanks,

jerry

On 4/5/17 12:05 PM, Chad Lavoie wrote:

Greetings,


On 04/05/2017 02:19 PM, Jerry Scharf wrote:

Hi,

I have a question that I think I know the answer to.

We have lots of things that are of the form of

    bind *:80
    redirect scheme https if !{ ssl_fc }
    bind *:443 ssl crt xxx

    use_backend xxx-be if { ssl_fc_sni www.soundhound.com }

We have an app that we would like to convert in place from non-ssl to ssl based. Can I have both binds use the same port? I am guessing not, but I want to be sure.

You can if you have a fake TCP frontend which determines if the traffic is HTTP or HTTPS using something like the following:

    frontend is_ssl_frontend
       mode tcp
       bind *:8888
       tcp-request inspect-delay 10s
       tcp-request content accept if HTTP
       tcp-request content accept if { req.ssl_hello_type 1 }
       use_backend is_http_backend if HTTP
       default_backend is_https_backend

Each of said backends would then loop back to HAProxy via a socket or loopback address (likely with send-proxy-v2 and accept-proxy to keep the client IP information) to be handled as HTTP or HTTPS by another frontend.

From your request of using 80/443 I'm not sure if this is what you want to do, but just wanted to indicate that it can be done.

Thanks,
- Chad

thanks,

jerry



--
Soundhound Devops
"What could possibly go wrong?"


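An added example, not part of the original thread: one way to complete the single-port setup Chad describes, with the two loopback backends and the frontends that receive them. The loopback ports 8080/8443, the server and frontend names, the certificate path, the timeouts and the application address are assumptions; the sniffing frontend, the redirect rule and the SNI rule are taken from the messages above.

```haproxy
# Added example. Ports 8080/8443, names, cert path and app address are placeholders.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Public listener: TCP mode, inspects the first bytes to tell HTTP from TLS.
frontend is_ssl_frontend
    mode tcp
    bind *:8888
    tcp-request inspect-delay 10s
    tcp-request content accept if HTTP
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend is_http_backend if HTTP
    default_backend is_https_backend

# Loop back into HAProxy; send-proxy-v2 carries the real client address.
backend is_http_backend
    mode tcp
    server loop_http 127.0.0.1:8080 send-proxy-v2

backend is_https_backend
    mode tcp
    server loop_https 127.0.0.1:8443 send-proxy-v2

# Plaintext side. Bound to loopback only: accept-proxy trusts whatever
# PROXY header it receives, so this port must not be reachable by clients.
frontend http_in
    mode http
    bind 127.0.0.1:8080 accept-proxy
    redirect scheme https if !{ ssl_fc }

# TLS side: terminates TLS here, then routes on SNI as in the original config.
frontend https_in
    mode http
    bind 127.0.0.1:8443 accept-proxy ssl crt /path/to/site.pem
    use_backend xxx-be if { ssl_fc_sni www.soundhound.com }

# Placeholder application backend (192.0.2.10 is a documentation address).
backend xxx-be
    mode http
    server app1 192.0.2.10:8000
```

Because `redirect scheme https` keeps the Host header the client sent, a plaintext request to port 8888 is redirected to `https://` on the same port, where the sniffing frontend then sees a TLS ClientHello.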