On Mon, 30 Jul 2018 at 13:30, Aleksandar Lazic <al-hapr...@none.at> wrote: > > Hi. > > I have the following Setup. > > APP -> Internal Haproxy -(HTTPS)-> external HAProxy -> APP > > The external HAProxy is configured with multiple TLS Vhost.
Never use SNI for Vhosting. It should work with the host header only. SNI should only be used for certificate selection, otherwise overlapping certificates will cause wrong forwarding decisions. > I assume that when I add `server .... sni appinternal.domain.com` to the > server line will be set the hostname field in the TLS session to this > value. No, the sni keyword expects a fetch expression. Set it to the host header for example: sni req.hdr(host) Or to a static string: sni str(www.example.com) cheers, lukas
