Attempting to route HTTPS traffic to two different backends depending on the domain called, detected via SNI, without SSL offloading
global
    maxconn 50000
    # run in the background
    daemon
    user haproxy
    group haproxy

defaults
    log 127.0.0.1 local1
    retries 3
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    option abortonclose

frontend ssl_relay
    bind *:443
    mode tcp
    option tcplog
    log global
    # Hold the connection until the TLS ClientHello has been buffered; without
    # these two rules req_ssl_sni is evaluated on an empty buffer and never
    # matches. (5s is a commonly used delay, not a value from the original.)
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # acl application_download req_ssl_sni -i downloads.example.com
    acl application_api req_ssl_sni -i api.test.example.com
    # use_backend backend_download if application_download
    use_backend backend_api if application_api
    # With default_backend commented out, a connection whose SNI matches
    # no ACL has no backend to go to.
    # default_backend backend_api

backend backend_download
    mode tcp
    option tcplog
    option ssl-hello-chk
    # inter 10 means a health check every 10 ms (the unit defaults to milliseconds)
    server server_downloads downloads.example.com:443 check port 443 inter 10

backend backend_api
    mode tcp
    option tcplog
    option ssl-hello-chk
    server server_api api.test.example.com:443 check port 443 inter 10
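
Added example, not part of the original gist or of HAProxy: a Python sketch of what an SNI match like `req_ssl_sni` has to do, reading the host name out of the cleartext ClientHello without decrypting anything, and why the proxy must wait until the whole hello is buffered before routing. `ROUTES`, `extract_sni`, `choose_backend` and `build_client_hello` are hypothetical names; the sample hello is constructed, and the parser assumes a well-formed ClientHello that fits in a single TLS record.

```python
import struct

# Mirrors the one active ACL in the config above; no default_backend is set.
ROUTES = {"api.test.example.com": "backend_api"}

class Incomplete(Exception):
    """The buffer does not yet hold the whole TLS record."""

def extract_sni(buf):
    """Return the SNI host name from a ClientHello record, or None if absent."""
    if len(buf) < 5:
        raise Incomplete
    ctype, _version, rec_len = struct.unpack("!BHH", buf[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    if len(buf) < 5 + rec_len:
        raise Incomplete
    hs = buf[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                      # header, version, random
    pos += 1 + hs[pos]                                    # session_id
    pos += 2 + int.from_bytes(hs[pos:pos + 2], "big")     # cipher_suites
    pos += 1 + hs[pos]                                    # compression_methods
    end = pos + 2 + int.from_bytes(hs[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(hs)):
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if etype == 0:                                    # server_name extension
            nlen = int.from_bytes(hs[pos + 3:pos + 5], "big")
            return hs[pos + 5:pos + 5 + nlen].decode("ascii").lower()
        pos += elen
    return None

def choose_backend(buf):
    """'wait' while the hello is partial, else the backend name or None."""
    try:
        return ROUTES.get(extract_sni(buf))
    except Incomplete:
        return "wait"

def build_client_hello(host):
    """Constructed sample input: a minimal ClientHello carrying one SNI name."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The `"wait"` result corresponds to the window covered by `tcp-request inspect-delay`: a routing decision taken before the record is complete has no SNI to match on.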
/usr/sbin/haproxy -v
HA-Proxy version 1.6.4 2016/03/13
Copyright 2000-2016 Willy Tarreau willy@haproxy.org