I’ve not tried using ACLs in curly brackets like you are, but I can confirm that this configuration works for me
    acl name1 hdr(host) -i www.example.org
    acl name2 hdr(host) -i www.example-other.org
    use_backend backend1 if name1
    use_backend backend2 if name2

I use this code specifically to do what you’re trying to do, though I’m using the latest stable build. I’m pretty sure this code should work in 1.5 though as well.

Also if you can’t use self-compiled stuff, can you use something like IUS? https://ius.io/

From: Jeremy Utley [mailto:[email protected]]
Sent: Thursday, April 13, 2017 12:29 PM
To: [email protected]
Subject: Problems with SNI config

Hello all!

I'm trying to convert an Apache reverse proxy setup over to using HAProxy, but am running into issues with SNI. I followed http://stuff-things.net/2016/11/30/haproxy-sni/ to set this up, but it's not working, and I have not yet been able to figure out why.

HAProxy version: 1.5.4-3 installed from the EPEL repo on CentOS 6 (Policy here forbids self-compiled versions, so we are limited to only what's available to us in EPEL)

I've narrowed down the problem to my frontend definition - if I simplify the front-end to not do SNI, it works fine to either backend. If I add a default_backend definition, it goes to the default backend no matter which hostname I provide. Without the default_backend in the frontend configuration, I get a 503 error from the proxy. So something is definitely not right with my SNI configuration, but I certainly can not find it!

Here is a sanitized version of my frontend definition in haproxy.cfg:

    frontend https-8443
        bind 192.168.1.1:8443 ssl crt /etc/haproxy/certs/
        use_backend site1 if { hdr(host) -i site1.domain.com }
        use_backend site2 if { hdr(host) -i site2.domain.com }

We will eventually have something like 20-30 different SSL sites in this configuration, along with some IP-based ACLs as well, but I'm not to that point as of yet.
I am simply trying to get SNI working, to direct to a different backend depending on the hostname requested (which, according to my reading, should be perfectly doable with haproxy). Anybody got any ideas of what I'm doing wrong?

Thanks for your time!

Jeremy Utley

