Hey Seth and Moshe,

I know that Varnish will be able to do most and HAProxy can definitely handle 
the hostname-to-IP issue, but HAProxy, as far as I know, won't do SSL; you have to 
have stunnel set up in front of it, and it still requires the IPs set.

I was hoping that it could be done and I may still keep playing when I get 
time. 

Thanks for everything

Joe

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Seth Mos
Sent: Thursday, July 26, 2012 2:54 AM
To: [email protected]
Subject: Re: [pfSense] Using pfSense to route inbound traffic via Domain Name 
instead of IP

On 26-7-2012 5:01, Moshe Katz wrote:
> On Wed, Jul 25, 2012 at 10:24 PM, Joseph Hardeman 
> <[email protected] <mailto:[email protected]>> wrote:

> There isn't really any built-in way to do this.  What you really want 
> is a reverse-proxy server (which could or could not be running on the 
> pfSense box).  However, your Reverse Proxy would either have to 
> support SNI or have a single certificate with all of the domains on 
> it.  Your reverse-proxy would then route by domain name.

Indeed, you need a full-on proxy server like HAProxy or Varnish, depending on 
your tastes, to do this.

Not sure which one does the man in the middle for SSL; the proxy will need to 
terminate the SSL connection and can speak http or https to the backend.

> Two parenthetical notes about SNI:
>
>   * IIS 8 (release next month or so, RC currently available) does
>     support SNI.
>   * Windows XP does not support SNI.  (Firefox on XP does, as well as
>     Chrome > 6 do).

As Moshe makes clear here, there is no other feature you can use except SNI for 
SSL name-based virtual hosting. Otherwise you need one IP per SSL certificate, 
proxy or not.

Regards,

Seth
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list