Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-19 Thread Pasi Kärkkäinen
On Mon, Oct 18, 2010 at 07:00:37PM +0300, Reinis Rozitis wrote: I meant the features that need to parse the HTTP request and do things based on it.. So tcp/raw mode won't work.. Thanks for the reply though! -- Pasi I think you are better in this case using 'nginx' for example -

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-19 Thread Pasi Kärkkäinen
On Mon, Oct 18, 2010 at 03:02:26PM +, Soren Hansen wrote: Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy Do your ACL stuff in HAproxy Then have HAproxy send the request to a local stunnel client. stunnel will then forward the request as ssl to a backend server. You

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-19 Thread Pasi Kärkkäinen
On Tue, Oct 19, 2010 at 02:35:01PM +0300, Pasi Kärkkäinen wrote: On Mon, Oct 18, 2010 at 03:02:26PM +, Soren Hansen wrote: Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy Do your ACL stuff in HAproxy Then have HAproxy send the request to a local stunnel client.

RE: Haproxy support for HTTPS (SSL) backend servers

2010-10-19 Thread Simon Green - Centric IT Ltd
[mailto:pa...@iki.fi] Sent: 19 October 2010 12:33 To: Reinis Rozitis Cc: haproxy@formilux.org Subject: Re: Haproxy support for HTTPS (SSL) backend servers On Mon, Oct 18, 2010 at 07:00:37PM +0300, Reinis Rozitis wrote: I meant the features that need to parse the HTTP request and do things based

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-19 Thread Reinis Rozitis
Have you tried Varnish? http://www.varnish-cache.org/ It's intended as a caching proxy but can do what you're after perfectly well. Also if there's anything it can't do, you can in-line drop in to C in the config files and make it do it! As far as I know varnish doesnt support SSL (neither

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-18 Thread Reinis Rozitis
I meant the features that need to parse the HTTP request and do things based on it.. So tcp/raw mode won't work.. Thanks for the reply though! -- Pasi I think you are better in this case using 'nginx' for example - http://wiki.nginx.org/HttpProxyModule (can do ACL / rewrites / header change

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-18 Thread Hervé COMMOWICK
Hello, You can use stunnel for decrypt/recrypt the ssl stuff : stunnel's config : http://vr.pastebin.com/Ay4e9wFk haproxy's config http://vr.pastebin.com/1uDMeavk Regards, Hervé. On Sat, 16 Oct 2010 13:34:04 +0300 Pasi Kärkkäinen pa...@iki.fi wrote: Hello, I'd like to use haproxy to

Re: Haproxy support for HTTPS (SSL) backend servers

2010-10-16 Thread Nicholas Hadaway
ACL features work just fine in TCP mode as well as HTTP mode. -nick On 10/16/2010 3:34 AM, Pasi Kärkkäinen wrote: Hello, I'd like to use haproxy to loadbalance a service that uses (only) https in the backend.. service in question cannot be changed to provide http, it's https only. (I know,