it broke - the header isn't passed anymore so had to
revert back.
Sniffed with tcpdump and indeed there are no headers with the (real)client
ip anymore.
I have additional http-request set-header HTTPS %[ssl_fc] - which is still
passed fine.
Am I missing something?
wbr
Reinis Rozitis
Hello,
is it possible to inspect http headers (like hostname/uri) and do backend
switching in tcp mode via spdy?
My config is something like:
...
frontend app
bind :443 ssl crt cert.pem npn spdy/3.1,http/1.1
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
acl is_upload
I don't see why it would fail, you could share a tcpdump capture of the
TLS handshake?
https://www.cloudshark.org/captures/c237da70245a
194.19.225.226 - client ip (latest Chrome)
213.175.75.10 - backend ip (spdy on port 88)
213.175.75.238 - haproxy
rr
Looks ok as well (but the actual NPN selection is encrypted).
Could you try:
- just announcing spdy/3.1 via NPN, removing http/1.1
Really confused now - I could swear I tried this one out before and it
wasn't working.
Now when I removed the http/1.1 the ssl_fc_npn contains spdy/3.1 and
Hello,
I'm trying to implement the haproxy nginx spdy / ssl offloading setup, but
somehow it is not working for me.
For simplicity I used https://gist.github.com/igrigorik/8960971 haproxy
config, but while testing with Chrome and FF the spdy is never enabled nor
the spdy backend is chosen.
Have you tried Varnish?
http://www.varnish-cache.org/
It's intended as a caching proxy but can do what you're after perfectly
well.
Also if there's anything it can't do, you can in-line drop in to C in the
config files and make it do it!
As far as I know varnish doesnt support SSL (neither
I meant the features that need to parse the HTTP request and do things
based on it..
So tcp/raw mode won't work..
Thanks for the reply though!
-- Pasi
I think you are better in this case using 'nginx' for example -
http://wiki.nginx.org/HttpProxyModule (can do ACL / rewrites / header change
7 matches
Mail list logo
