Last active
July 13, 2018 02:02
-
-
Save hxyconan/6d33dd0fba944e477a82fdb56cbfde4a to your computer and use it in GitHub Desktop.
Haproxy configuration for SSL request passthrough with ACL rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Haproxy configuration for SSL request passthrough with ACL rules | |
# Notes: There is a problem there, the req_ssl_sni -i will check the exactly domain in the certificate, if the certificate has Alt name or SAN, such ACL role does not work | |
# Ref: | |
# https://github.com/rancher/lb-controller/blob/master/provider/haproxy/config/haproxy_template.cfg#L32 | |
# https://stackoverflow.com/questions/30393390/redirect-http-to-https-haproxy-use-ssl-passthrough | |
# https://gist.github.com/voduytuan/a919c408f61121b6dcc6 | |
#--------------------------------------------------------------------- | |
# Proxys to the webserver backend port 443 | |
#--------------------------------------------------------------------- | |
frontend main_ssl | |
bind :443 | |
mode tcp | |
option tcplog | |
use_backend backend_host req_ssl_sni -i EXAMPLE.domain.com | |
default_backend static | |
backend backend_host | |
mode tcp | |
balance roundrobin | |
server backend_server x.x.x.x:443 check | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment