Skip to content

Instantly share code, notes, and snippets.

@marcelog
Created July 9, 2017 21:47
Show Gist options
  • Save marcelog/881ce93fc28c6f34bb15a283af75f22c to your computer and use it in GitHub Desktop.
Save marcelog/881ce93fc28c6f34bb15a283af75f22c to your computer and use it in GitHub Desktop.
Multiple backends in haproxy by using ACL, one SSL certificate, and SNI
frontend http
bind *:443 ssl crt /etc/ssl/certs/mycert.pem ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
mode tcp
acl backend1 ssl_fc_sni backed1.domain.com
acl backend2 ssl_fc_sni backed2.domain.com
tcp-request inspect-delay 5s
use_backend backend1 if backend1
use_backend backend2 if backend2
backend backend1
mode http
server backend1 127.0.0.1:8080 maxconn 2048
backend backend2
mode http
server backend2 127.0.0.1:9090 maxconn 2048
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment