hxyconan/haproxy_ssl_request_passthrough_ver1.txt

## haproxy_ssl_request_passthrough_ver1.txt
# Haproxy configuration for SSL request passthrough with ACL rules
# Notes: There is a problem there, the req_ssl_sni -i will check the exactly domain in the certificate, if the certificate has Alt name or SAN, such ACL role does not work

# Ref:
# 	https://github.com/rancher/lb-controller/blob/master/provider/haproxy/config/haproxy_template.cfg#L32
# 	https://stackoverflow.com/questions/30393390/redirect-http-to-https-haproxy-use-ssl-passthrough
# 	https://gist.github.com/voduytuan/a919c408f61121b6dcc6

#---------------------------------------------------------------------
# Proxys to the webserver backend port 443
#---------------------------------------------------------------------
frontend main_ssl
    bind :443
    mode tcp
    option tcplog

    use_backend backend_host req_ssl_sni -i EXAMPLE.domain.com

    default_backend static

backend backend_host
  mode tcp
  balance roundrobin
  server backend_server x.x.x.x:443 check
	# Haproxy configuration for SSL request passthrough with ACL rules
	# Notes: There is a problem there, the req_ssl_sni -i will check the exactly domain in the certificate, if the certificate has Alt name or SAN, such ACL role does not work

	# Ref:
	# https://github.com/rancher/lb-controller/blob/master/provider/haproxy/config/haproxy_template.cfg#L32
	# https://stackoverflow.com/questions/30393390/redirect-http-to-https-haproxy-use-ssl-passthrough
	# https://gist.github.com/voduytuan/a919c408f61121b6dcc6

	#---------------------------------------------------------------------
	# Proxys to the webserver backend port 443
	#---------------------------------------------------------------------
	frontend main_ssl
	bind :443
	mode tcp
	option tcplog

	use_backend backend_host req_ssl_sni -i EXAMPLE.domain.com

	default_backend static

	backend backend_host
	mode tcp
	balance roundrobin
	server backend_server x.x.x.x:443 check