Re: HAProxy - Combination of SSL Termination and Pass through
Hi, On Fri, Aug 14, 2015 at 12:53 PM, Aleksandar Lazic al-hapr...@none.at wrote: Hi. Am 13-08-2015 08:45, schrieb Baptiste: Hi Sandeep, No, HAProxy doesn't pass through. [snipp] What you mean by passthrough would be something like: listen ssl_passthourgh mode tcp bind :443 server 10.0.0.1:443 Maybe that this 'passthrough' wording comes from openshift document https://docs.openshift.org/latest/architecture/core_concepts/routes.html Passtrough in openshift context looks as exactly the config as Baptiste sent.
Re: HAProxy - Combination of SSL Termination and Pass through
Hi. Am 13-08-2015 08:45, schrieb Baptiste: Hi Sandeep, No, HAProxy doesn't pass through. [snipp] What you mean by passthrough would be something like: listen ssl_passthourgh mode tcp bind :443 server 10.0.0.1:443 Maybe that this 'passthrough' wording comes from openshift document https://docs.openshift.org/latest/architecture/core_concepts/routes.html or from the RedHat doc? https://access.redhat.com/documentation/en/openshift-enterprise/version-3.0/openshift-enterprise-30-architecture#passthrough-termination The haproxy template can be found here. https://github.com/openshift/origin/blob/9fffbd9ffb7d97c55a1072ea469b624dab89c17c/images/router/haproxy/conf/haproxy-config.template#L48 Do you know that openshift use haproxy for his routing layer? Br Aleks On Thu, Aug 13, 2015 at 4:53 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi Baptiste, Not sure if that answers my question. What you suggested is to enable SSL for HAProxy. My use case if one step further. Once HAProxy receives the SSL request, after decrypting it, use case require to manipulate headers and then forward the request to a a bendend server which is SSL enabled. It seems HAProxy can pass through SSL certificates but not start new certificate for Backend. Regards Sandeep Jindal 201 604 5277 On Fri, Jul 31, 2015 at 2:11 AM, Baptiste bed...@gmail.com wrote: On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi All, My use case is to Manipulate Request Headers of the incoming request. So, for this, I would need to create a new SSL certificate, but it seems at HTTP level. Can you please suggest if this is possible and how? Regards Sandeep Jindal 201 604 5277 Hi Sandeep, Simply create your certificate with openssl, and enable enable 'ssl' and 'crt /path/to/your/cert' on your bind line in your HAProxy frontend. Baptiste
Re: HAProxy - Combination of SSL Termination and Pass through
Hi Sandeep, No, HAProxy doesn't pass through. HAProxy can terminate SSL then create a new ciphered connection: listen ssl_reencryption mode http bind :443 ssl crt /path/to/your/cert server 10.0.0.1:443 ssl What you mean by passthrough would be something like: listen ssl_passthourgh mode tcp bind :443 server 10.0.0.1:443 Baptiste On Thu, Aug 13, 2015 at 4:53 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi Baptiste, Not sure if that answers my question. What you suggested is to enable SSL for HAProxy. My use case if one step further. Once HAProxy receives the SSL request, after decrypting it, use case require to manipulate headers and then forward the request to a a bendend server which is SSL enabled. It seems HAProxy can pass through SSL certificates but not start new certificate for Backend. Regards Sandeep Jindal 201 604 5277 On Fri, Jul 31, 2015 at 2:11 AM, Baptiste bed...@gmail.com wrote: On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi All, My use case is to Manipulate Request Headers of the incoming request. So, for this, I would need to create a new SSL certificate, but it seems at HTTP level. Can you please suggest if this is possible and how? Regards Sandeep Jindal 201 604 5277 Hi Sandeep, Simply create your certificate with openssl, and enable enable 'ssl' and 'crt /path/to/your/cert' on your bind line in your HAProxy frontend. Baptiste
Re: HAProxy - Combination of SSL Termination and Pass through
Hi Baptiste, Not sure if that answers my question. What you suggested is to enable SSL for HAProxy. My use case if one step further. Once HAProxy receives the SSL request, after decrypting it, use case require to manipulate headers and then forward the request to a a bendend server which is SSL enabled. It seems HAProxy can pass through SSL certificates but not start new certificate for Backend. Regards Sandeep Jindal *201 604 5277* On Fri, Jul 31, 2015 at 2:11 AM, Baptiste bed...@gmail.com wrote: On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi All, My use case is to Manipulate Request Headers of the incoming request. So, for this, I would need to create a new SSL certificate, but it seems at HTTP level. Can you please suggest if this is possible and how? Regards Sandeep Jindal 201 604 5277 Hi Sandeep, Simply create your certificate with openssl, and enable enable 'ssl' and 'crt /path/to/your/cert' on your bind line in your HAProxy frontend. Baptiste
Re: HAProxy - Combination of SSL Termination and Pass through
On Fri, Jul 31, 2015 at 4:12 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi All, My use case is to Manipulate Request Headers of the incoming request. So, for this, I would need to create a new SSL certificate, but it seems at HTTP level. Can you please suggest if this is possible and how? Regards Sandeep Jindal 201 604 5277 Hi Sandeep, Simply create your certificate with openssl, and enable enable 'ssl' and 'crt /path/to/your/cert' on your bind line in your HAProxy frontend. Baptiste
HAProxy - Combination of SSL Termination and Pass through
Hi All, My use case is to Manipulate Request Headers of the incoming request. So, for this, I would need to create a new SSL certificate, but it seems at HTTP level. Can you please suggest if this is possible and how? Regards Sandeep Jindal *201 604 5277*