Just something I thought the rest of the interwebs might find useful. If you can get your users to first connect to an http:// address, and then have that URL redirect them to https://, you can work around a lack of SNI support on the client end like so:
# content switching based on host name use_backend dvs-staging.cytobank.org-http if { hdr(host) -i dvs-staging.cytobank.org } backend dvs-staging.cytobank.org-http cookie SITE insert server server_1 2607:f700:2bff:bb:225:90ff:fe6c:3308:82 cookie dvs-staging.cytobank.org check inter 3000 rise 1 fall 1 error-limit 1 on-error mark-down [snip] # content switching based on cookie, having had them set in previous sessions use_backend dvs-staging.cytobank.org-https-apache if { hdr_sub(cookie) SITE=dvs-staging.cytobank.org } # content switching based on SNI use_backend dvs-staging.cytobank.org-https-apache if { ssl_fc_sni -i dvs-staging.cytobank.org } backend dvs-staging.cytobank.org-https-apache cookie SITE insert server server_1 2607:f700:2bff:bb:225:90ff:fe6c:3308:83 cookie dvs-staging.cytobank.org check inter 3000 rise 1 fall 1 error-limit 1 on-error mark-down So whenever dvs-staging is reached, the cookie is set, and we fall back to SNI if we don't have that cookie. If the same user might be going to more than one host, then you'd want to prefer SNI to the cookie, but that isn't the case for use, so we prefer the cookie for speed (I'm assuming a cookie check is faster than SNI, based on zero research; I could certainly be wrong). -Robin