pweil-/gist:fcae35c106bd706a054e

## gistfile1.txt
00000000:public_ssl.accept(0006)=0009 from [10.0.2.15:56882]
00000000:be_sni.srvcls[0009:000a]
00000000:be_sni.clicls[0009:000a]
00000000:be_sni.closed[0009:000a]
00000001:fe_sni.accept(0007)=0009 from [10.0.2.15:56890]
00000001:be_http_hello-nginx.clireq[0009:ffffffff]: GET / HTTP/1.1
00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: User-Agent: curl/7.32.0
00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: Host: www.example.com
00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: Accept: */*
00000001:be_http_hello-nginx.srvrep[0009:000a]: HTTP/1.1 200 OK
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Server: nginx/1.6.2
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Date: Mon, 12 Jan 2015 20:35:19 GMT
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Content-Type: text/html
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Content-Length: 12
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Last-Modified: Mon, 12 Jan 2015 14:49:40 GMT
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Connection: keep-alive
00000001:be_http_hello-nginx.srvhdr[0009:000a]: ETag: "54b3df04-c"
00000001:be_http_hello-nginx.srvhdr[0009:000a]: Accept-Ranges: bytes
00000002:openshift_default.clicls[0009:000a]
00000002:openshift_default.closed[0009:000a]
00000003:public_ssl.accept(0006)=0009 from [10.0.2.15:56897]
00000003:be_sni.srvcls[0009:000a]
00000003:be_sni.clicls[0009:000a]
00000003:be_sni.closed[0009:000a]
00000004:public_ssl.accept(0006)=0009 from [10.0.2.15:56920]
00000004:be_sni.srvcls[0009:000a]
00000004:be_sni.clicls[0009:000a]
00000004:be_sni.closed[0009:000a]
00000005:fe_sni.accept(0007)=0009 from [10.0.2.15:56928]
00000005:openshift_default.clireq[0009:ffffffff]: GET / HTTP/1.1
00000005:openshift_default.clihdr[0009:ffffffff]: User-Agent: curl/7.32.0
00000005:openshift_default.clihdr[0009:ffffffff]: Host: www.example.com
00000005:openshift_default.clihdr[0009:ffffffff]: Accept: */*
00000005:openshift_default.clicls[0009:000a]
00000005:openshift_default.closed[0009:000a]

## gistfile2.txt
[root@router conf]# echo "show map /var/lib/haproxy/conf/os_http_be.map" | socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio
0x707190 www.example.com hello-nginx

## gistfile3.txt
frontend fe_sni
  # terminate ssl on edge
  bind 127.0.0.1:10444 ssl crt /var/lib/containers/router/certs accept-proxy

  # re-ssl?
  #acl reencrypt hdr(host),map(/var/lib/haproxy/conf/os_reencrypt.map) -m found
  #use_backend be_secure_%[hdr(host),map(/var/lib/haproxy/conf/os_http_be.map)] if reencrypt

  # regular http
  use_backend be_http_%[hdr(host),map(/var/lib/haproxy/conf/os_http_be.map)] if TRUE

  default_backend openshift_default

## gistfile4.txt
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
Hello World
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
[vagrant@openshiftdev ~]$ curl https://www.example.com -k
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
	00000000:public_ssl.accept(0006)=0009 from [10.0.2.15:56882]
	00000000:be_sni.srvcls[0009:000a]
	00000000:be_sni.clicls[0009:000a]
	00000000:be_sni.closed[0009:000a]
	00000001:fe_sni.accept(0007)=0009 from [10.0.2.15:56890]
	00000001:be_http_hello-nginx.clireq[0009:ffffffff]: GET / HTTP/1.1
	00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: User-Agent: curl/7.32.0
	00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: Host: www.example.com
	00000001:be_http_hello-nginx.clihdr[0009:ffffffff]: Accept: /
	00000001:be_http_hello-nginx.srvrep[0009:000a]: HTTP/1.1 200 OK
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Server: nginx/1.6.2
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Date: Mon, 12 Jan 2015 20:35:19 GMT
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Content-Type: text/html
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Content-Length: 12
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Last-Modified: Mon, 12 Jan 2015 14:49:40 GMT
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Connection: keep-alive
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: ETag: "54b3df04-c"
	00000001:be_http_hello-nginx.srvhdr[0009:000a]: Accept-Ranges: bytes
	00000002:openshift_default.clicls[0009:000a]
	00000002:openshift_default.closed[0009:000a]
	00000003:public_ssl.accept(0006)=0009 from [10.0.2.15:56897]
	00000003:be_sni.srvcls[0009:000a]
	00000003:be_sni.clicls[0009:000a]
	00000003:be_sni.closed[0009:000a]
	00000004:public_ssl.accept(0006)=0009 from [10.0.2.15:56920]
	00000004:be_sni.srvcls[0009:000a]
	00000004:be_sni.clicls[0009:000a]
	00000004:be_sni.closed[0009:000a]
	00000005:fe_sni.accept(0007)=0009 from [10.0.2.15:56928]
	00000005:openshift_default.clireq[0009:ffffffff]: GET / HTTP/1.1
	00000005:openshift_default.clihdr[0009:ffffffff]: User-Agent: curl/7.32.0
	00000005:openshift_default.clihdr[0009:ffffffff]: Host: www.example.com
	00000005:openshift_default.clihdr[0009:ffffffff]: Accept: /
	00000005:openshift_default.clicls[0009:000a]
	00000005:openshift_default.closed[0009:000a]
	[root@router conf]# echo "show map /var/lib/haproxy/conf/os_http_be.map" \| socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio
	0x707190 www.example.com hello-nginx
	frontend fe_sni
	# terminate ssl on edge
	bind 127.0.0.1:10444 ssl crt /var/lib/containers/router/certs accept-proxy

	# re-ssl?
	#acl reencrypt hdr(host),map(/var/lib/haproxy/conf/os_reencrypt.map) -m found
	#use_backend be_secure_%[hdr(host),map(/var/lib/haproxy/conf/os_http_be.map)] if reencrypt

	# regular http
	use_backend be_http_%[hdr(host),map(/var/lib/haproxy/conf/os_http_be.map)] if TRUE

	default_backend openshift_default
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	<html><body><h1>503 Service Unavailable</h1>
	No server is available to handle this request.
	</body></html>
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	<html><body><h1>503 Service Unavailable</h1>
	No server is available to handle this request.
	</body></html>
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	<html><body><h1>503 Service Unavailable</h1>
	No server is available to handle this request.
	</body></html>
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	Hello World
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	<html><body><h1>503 Service Unavailable</h1>
	No server is available to handle this request.
	</body></html>
	[vagrant@openshiftdev ~]$ curl https://www.example.com -k
	<html><body><h1>503 Service Unavailable</h1>
	No server is available to handle this request.
	</body></html>