On 3 Jul 2017 6:47 am, "Daren Sefcik" <dsef...@hightechhigh.org> wrote:
On Sat, Jul 1, 2017 at 4:39 PM, Igor Cicimov <ig...@encompasscorporation.com> wrote:

> On 29 Jun 2017 2:46 am, "Daren Sefcik" <dsef...@hightechhigh.org> wrote:
>
> On Wed, Jun 28, 2017 at 8:12 AM, Olivier Doucet <webmas...@ajeux.com>
> wrote:
>
>> Hi,
>>
>> 2017-06-28 16:47 GMT+02:00 Daren Sefcik <dsef...@hightechhigh.org>:
>>
>>> Hi, I have searched for an answer to this and tried several things but
>>> cannot seem to figure it out so am hoping someone can point me in the right
>>> direction. I have different backend proxy servers (squid) setup to handle
>>> specifically HTTP and HTTPS traffic but cannot figure out how to tell
>>> haproxy to tell the difference and send appropriately.
>>>
>>> For example, I have
>>>
>>> frontend proxy_servers
>>> backend http_proxies
>>> backend https_proxies
>>>
>>> how can I tell frontend to send all http traffic to backend http_proxies
>>> and all https traffic to https_backend? I have tried using dst_port 443 and
>>> the acl https ssl_fc but nothing seems to distinguish https traffic.
>>>
>>
>> Well, it should work. Send a copy of your config to see what's wrong in
>> it.
>>
>> Olivier
>>
>>>
>>> TIA...
>>>
>
> Here is an example, it continues to direct all https traffic to the web
> proxy and not the streaming media one.
>
> frontend HTPL_PROXY
>     bind 10.1.4.105:8181 name 10.1.4.105:8181
>     mode http
>     log global
>     option http-server-close
>     option forwardfor
>     acl https ssl_fc
>     http-request set-header X-Forwarded-Proto http if !https
>     http-request set-header X-Forwarded-Proto https if https
>     maxconn 90000
>     timeout client 10000
>     option tcp-smart-accept
>     acl is_youtube hdr_sub(host) -i youtube.com
>     acl is_netflix hdr_sub(host) -i netflix.com
>     acl is_nflixvideo hdr_sub(host) -i nflxvideo.net
>     acl is_googlevideo hdr_sub(host) -i googlevideo.com
>     acl is_google hdr_sub(host) -i google.com
>     acl is_pandora hdr_sub(host) -i pandora.com
>     acl is_https dst_port eq 443
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_youtube
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_netflix
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_nflixvideo
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_googlevideo
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_pandora
>     use_backend HTPL_STREAMING_MEDIA_PROXY_http_ipvANY if is_https
>     default_backend HTPL_WEB_PROXY_http_ipvANY
>
> Obviously dst_port 443 method can not work since you are listening on port
> 8181. Since both protocols are on same port you can try in tcp mode:
>
>     mode tcp
>     option tcplog
>     bind *:8181
>
>     tcp-request inspect-delay 5s
>     acl is_ssl req.ssl_hello_type 1
>

Thank you, I have tried that with the below config and it still sends all traffic to the default backend instead of my ssl backend, any other ideas?

frontend HTPL_PROXY
    bind 10.1.4.105:8181 name 10.1.4.105:8181
    mode tcp
    log global
    maxconn 90000
    timeout client 10000
    option tcp-smart-accept
    tcp-request inspect-delay 5s
    acl is_ssl req.ssl_hello_type 1
    use_backend HTPL_SSL_PROXY_tcp_ipvANY if is_ssl
    default_backend HTPL_WEB_PROXY_tcp_ipvANY

Only explanation I can see is that no ssl traffic is hitting haproxy, at least not on port 8181.
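
Added example, not part of the thread: a Python sketch of why an ACL on the TLS ClientHello can stay silent on a port like 8181, assuming (the thread does not confirm this) that clients use the listener as an explicitly configured forward proxy. In that setup a client reaches an HTTPS site by first sending a cleartext `CONNECT host:443` request, so the first bytes on the wire are HTTP, not TLS. Function names are hypothetical, the samples are constructed, and the TLS check is a simplified model rather than HAProxy's own code.

```python
# Classify the first bytes a client sends on a port shared by several protocols.
# All sample payloads are constructed for illustration, not captured traffic.

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH")


def tls_hello_type(buf: bytes) -> int:
    """Return the TLS handshake message type (1 = ClientHello), or 0 when the
    buffer does not begin with a TLS handshake record.

    Record layout: content type (1 byte), version (2), length (2), then the
    handshake message, whose first byte is its type.
    """
    if len(buf) < 6:
        return 0
    if buf[0] != 0x16 or buf[1] != 0x03:  # 0x16 = handshake, 0x03 = SSL3/TLS major
        return 0
    return buf[5]


def classify(buf: bytes) -> str:
    """Label a connection by what its first bytes look like."""
    if tls_hello_type(buf) == 1:
        return "tls-client-hello"   # client speaks TLS directly to the listener
    method = buf.split(b" ", 1)[0]
    if method == b"CONNECT":
        return "http-connect"       # cleartext tunnel request to a forward proxy
    if method in HTTP_METHODS:
        return "http"
    return "unknown"


# Constructed samples: a minimal ClientHello prefix and two forward-proxy requests.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
PROXY_HTTPS = b"CONNECT www.youtube.com:443 HTTP/1.1\r\nHost: www.youtube.com:443\r\n\r\n"
PROXY_HTTP = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("direct TLS", TLS_HELLO),
                         ("HTTPS via proxy", PROXY_HTTPS),
                         ("HTTP via proxy", PROXY_HTTP)):
        print(f"{name:16} hello_type={tls_hello_type(sample)} -> {classify(sample)}")
```

Under that assumption, the HTTPS case is visible to HAProxy only as an HTTP request whose method is `CONNECT`, which an `http` mode frontend can match with an ACL on the request method.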