How to set up SSL passthrough with multiple domains with HAproxy?
How does one set up HAproxy for multiple domains, to multiple backends, while passing through SSL? I would also be open to an nginx solution.
Example in diagram for a better explanation:
                                  backend_domain_a
    domain-a.com-.            .-> 220.127.116.11
                 |            |
                 +-> haproxy -+
                 |            |   backend_domain_b
    domain-b.com-'            '-> 789.789.789.789
Note: Each backend server will be issuing their own certificate. Hence the need for SSL passthrough.
I have this configuration, but it doesn’t work for multiple reasons (the key one being the missing port number):
    frontend www
        bind *:80
        bind *:443
        option tcplog

        acl host_domain_a hdr(host) -i domain-a.com
        acl host_domain_b hdr(host) -i domain-b.com

        use_backend backend_domain_a if host_domain_a
        use_backend backend_domain_b if host_domain_b

    backend backend_domain_a
        server web_a 18.104.22.168 check

    backend backend_domain_b
        server web_b 789.789.789.789 check
In other words, I want HAProxy to not terminate the SSL.
I initially wanted to do this with Nginx, but apparently it can’t act as a non-terminating point while reading the host details (though it might be available in future versions with ssl preread).
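One way to get the layout in the question, as an added example that is not part of the original post: in passthrough the `Host` header is inside the encrypted stream, so port 443 has to run in `mode tcp` and route on the SNI name from the TLS ClientHello, while port 80 can still match on `hdr(host)`. The split frontend and backend names and the `192.0.2.x` addresses are assumptions (placeholder addresses, to be replaced with the real backend IPs).

```haproxy
# Added example, not the poster's configuration.
# Assumption: 192.0.2.10 / 192.0.2.20 are placeholder backend addresses.

defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Port 80 is plain HTTP, so the Host header is readable here.
frontend www_http
    bind *:80
    mode http
    use_backend http_domain_a if { hdr(host) -i domain-a.com }
    use_backend http_domain_b if { hdr(host) -i domain-b.com }

# Port 443 stays encrypted end to end: HAProxy holds no certificate and
# routes on the SNI field of the TLS ClientHello.
frontend www_tls
    bind *:443
    mode tcp
    option tcplog
    # Buffer the start of the connection until the ClientHello has arrived.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend tls_domain_a if { req_ssl_sni -i domain-a.com }
    use_backend tls_domain_b if { req_ssl_sni -i domain-b.com }
    # No default_backend: a client that sends no SNI or an unknown name
    # is not forwarded to any server.

backend http_domain_a
    mode http
    server web_a 192.0.2.10:80 check

backend http_domain_b
    mode http
    server web_b 192.0.2.20:80 check

# Each backend terminates TLS itself with its own certificate.
backend tls_domain_a
    mode tcp
    server web_a 192.0.2.10:443 check

backend tls_domain_b
    mode tcp
    server web_b 192.0.2.20:443 check
```

Because HAProxy only relays bytes in `mode tcp`, the backends see HAProxy's address as the client address. The `send-proxy` server option can carry the original address, provided the backend web server is configured to accept the PROXY protocol.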