On Sat, Jul 1, 2017 at 4:39 PM, Igor Cicimov <ig...@encompasscorporation.com> wrote:

>
>
> On 29 Jun 2017 2:46 am, "Daren Sefcik" <dsef...@hightechhigh.org> wrote:
>
> On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <webmas...@ajeux.com>
> wrote:
>
>> Hi,
>>
>>
>> 2017-06-28 16:47 GMT+02:00 Daren Sefcik <dsef...@hightechhigh.org>:
>>
>>> Hi, I have searched for an answer to this and tried several things but
>>> cannot seem to figure it out so am hoping someone can point me in the right
>>> direction. I have different backend proxy servers (squid) set up to handle
>>> specifically HTTP and HTTPS traffic but cannot figure out how to tell
>>> haproxy to tell the difference and send appropriately.
>>>
>>> For example, I have
>>>
>>> frontend proxy_servers
>>> backend http_proxies
>>> backend https_proxies
>>>
>>> how can I tell frontend to send all http traffic to backend http_proxies
>>> and all https traffic to https_backend? I have tried using dst_port 443 and
>>> the acl https ssl_fc but nothing seems to distinguish https traffic.
>>>
>>
>> Well, it should work. Send a copy of your config to see what's wrong in
>> it.
>>
>> Olivier
>>
>>
>>
>>>
>>> TIA...
>>>
>>
>>
> Here is an example, it continues to direct all https traffic to the web
> proxy and not the streaming media one.
>
> frontend HTPL_PROXY
>       bind                    10.1.4.105:8181 name 10.1.4.105:8181
>       mode                    http
>       log                     global
>       option                  http-server-close
>       option                  forwardfor
>       acl https ssl_fc
>       http-request set-header         X-Forwarded-Proto http if !https
>       http-request set-header         X-Forwarded-Proto https if https
>       maxconn                 90000
>       timeout client          10000
>       option tcp-smart-accept
>       acl                     is_youtube      hdr_sub(host) -i youtube.com
>       acl                     is_netflix      hdr_sub(host) -i netflix.com
>       acl                     is_nflixvideo   hdr_sub(host) -i nflxvideo.net
>       acl                     is_googlevideo  hdr_sub(host) -i googlevideo.com
>       acl                     is_google       hdr_sub(host) -i google.com
>       acl                     is_pandora      hdr_sub(host) -i pandora.com
>       acl                     is_https        dst_port eq 443
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_youtube
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_netflix
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_nflixvideo
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_googlevideo
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_pandora
>       use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY  if  is_https
>       default_backend HTPL_WEB_PROXY_http_ipvANY
>
> Obviously the dst_port 443 method cannot work since you are listening on port
> 8181. Since both protocols are on the same port you can try in tcp mode:
>
> mode tcp
> option tcplog
> bind *:8181
>
> tcp-request inspect-delay 5s
> acl is_ssl req.ssl_hello_type 1
>
>

Thank you, I have tried that with the below config and it still sends all
traffic to the default backend instead of my ssl backend, any other ideas?

frontend HTPL_PROXY
        bind                    10.1.4.105:8181 name 10.1.4.105:8181
        mode                    tcp
        log                     global
        maxconn                 90000
        timeout client          10000
        option tcp-smart-accept
        tcp-request inspect-delay 5s
        acl                     is_ssl  req.ssl_hello_type 1
        use_backend HTPL_SSL_PROXY_tcp_ipvANY  if  is_ssl
        default_backend HTPL_WEB_PROXY_tcp_ipvANY
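
An added example (not from any poster in this thread) showing what `req.ssl_hello_type 1` looks for in the first bytes of a connection, next to what a client sends when it uses a listener as an explicit HTTP proxy, where HTTPS arrives as a cleartext `CONNECT` request. That the clients here use 10.1.4.105:8181 as an explicit proxy is an assumption; the function names and sample bytes are constructed for illustration.

```python
# Added example: classify the first bytes a client sends to a listener.
# Simplification: only the TLS record format is checked, and the hello is
# not required to be complete. All sample byte strings are constructed.

def tls_hello_type(buf: bytes):
    """Return the TLS handshake message type if buf starts with a TLS
    handshake record, else None. Type 1 means ClientHello, which is the
    value compared by an ACL such as `req.ssl_hello_type 1`."""
    # Record header: content type 0x16 (handshake), version major 0x03,
    # version minor, 2-byte length; the handshake message starts at offset 5.
    if len(buf) < 6 or buf[0] != 0x16 or buf[1] != 0x03:
        return None
    return buf[5]

def http_method(buf: bytes):
    """Return the method if buf starts with an HTTP/1.x request line."""
    parts = buf.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0].isalpha() and parts[2].startswith(b"HTTP/1."):
        return parts[0].decode("ascii")
    return None

def classify(buf: bytes) -> str:
    """Label the opening bytes of a client connection."""
    if tls_hello_type(buf) == 1:
        return "tls-client-hello"
    method = http_method(buf)
    if method == "CONNECT":
        return "http-connect"
    if method is not None:
        return "http-request"
    return "unknown"

# Constructed: start of a TLS ClientHello, as sent straight to a TLS server.
DIRECT_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
# Constructed: HTTPS through an explicit proxy starts as a cleartext tunnel request.
PROXY_HTTPS = b"CONNECT www.youtube.com:443 HTTP/1.1\r\nHost: www.youtube.com:443\r\n\r\n"
# Constructed: plain HTTP through an explicit proxy.
PROXY_HTTP = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("direct TLS", DIRECT_TLS),
                         ("HTTPS via proxy", PROXY_HTTPS),
                         ("HTTP via proxy", PROXY_HTTP)]:
        print(f"{name:16} -> {classify(sample)}")
```

Under that assumption the first bytes of an HTTPS request are an HTTP request line rather than a TLS record, so a ClientHello check never sees type 1 on this listener.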
