Hi, I would like to implement the following simple scenario. All the tests I have done have unfortunately failed (bad SSL requests, error 502...):

- Using SSL passthrough for the top level domain (mydomain.com), as the web application is already presenting a wildcard SSL certificate for this domain.
- Offloading SSL on haproxy just for the subdomains (an SSL certificate matching *.sub01.mydomain.com, for example).

Here is a simple configuration example showing the case:

    frontend FE-https
        bind 1.1.1.1:443 ssl crt /etc/ssl/certs/sub01.mydomain.com.pem
        mode http
        acl is_sub01 hdr_end(host) -i sub01.mydomain.com
        use_backend BE-sub01 if is_sub01
        default_backend BE-default

    # SSL Offloading for *.sub01.mydomain.com
    backend BE-sub01
        mode http
        server srv1 10.10.10.10:443

    # SSL passthrough for *.mydomain.com
    backend BE-default
        mode http
        server srv1 10.10.10.10:443 ssl verify none

To summarize, I would like to provide, or not, the right SSL certificate per backend (depending on the URL).

Thanks for your help :)
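
Added example, not part of the original post: a common way to split passthrough and offloading on one IP:port is to accept the connection in TCP mode, route on the SNI in the TLS ClientHello, and hand only the sub01 traffic to a second, TLS-terminating frontend. The names `FE-tls-in`, `BE-passthrough`, `BE-sub01-loop` and `FE-sub01-offload`, the loopback port 8443 and the plain-HTTP port 80 on the server are assumptions for illustration.

```haproxy
# Added example (not the poster's configuration).
# Stage 1: no "ssl" on the bind line, so HAProxy sees raw TLS and can
# decide per connection whether to decrypt it at all.
frontend FE-tls-in
    bind 1.1.1.1:443
    mode tcp
    option tcplog
    # Buffer until the ClientHello has arrived so the SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Leading dot: a *.sub01.mydomain.com certificate covers
    # x.sub01.mydomain.com, not sub01.mydomain.com itself.
    use_backend BE-sub01-loop if { req.ssl_sni -i -m end .sub01.mydomain.com }
    # Everything else (*.mydomain.com, or no SNI) is passed through.
    default_backend BE-passthrough

# SSL passthrough: TCP mode and no "ssl" keyword on the server line.
# The application's own wildcard certificate reaches the client untouched.
backend BE-passthrough
    mode tcp
    server srv1 10.10.10.10:443

# Hand sub01 connections to the terminating frontend on loopback.
# PROXY protocol v2 keeps the real client address.
backend BE-sub01-loop
    mode tcp
    server loop 127.0.0.1:8443 send-proxy-v2

# Stage 2: SSL offloading for *.sub01.mydomain.com only.
frontend FE-sub01-offload
    bind 127.0.0.1:8443 ssl crt /etc/ssl/certs/sub01.mydomain.com.pem accept-proxy
    mode http
    option forwardfor
    default_backend BE-sub01

backend BE-sub01
    mode http
    # Assumed plain-HTTP listener on the application server.
    server srv1 10.10.10.10:80
```

In passthrough mode HAProxy never decrypts the stream, so HTTP-level ACLs such as `hdr_end(host)` are unavailable for that traffic and the routing decision has to rest on SNI alone. Keep `accept-proxy` bound to loopback only, since any peer that can reach that listener can supply an arbitrary client address.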