Hi All,
Here is my server setup:
- Router 192.168.0.1
- HAProxy 192.168.0.2
- SFTP Server 192.168.0.3
- Web Server 192.168.0.4
The router forwards port 12345 to HAProxy.
And here is my HAProxy config:

    global
        log /dev/log local0
        log /dev/log local1 notice
        maxconn 1024
        daemon
        nbproc 1
        pidfile /var/run/haproxy.pid
        tune.ssl.default-dh-param 1024
        ca-base /etc/CA/certs
        crt-base /etc/CA/private

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout server 30s
        timeout connect 30s
        timeout client 30s
        retries 2

    frontend http_redirect
        bind *:80
        redirect scheme https code 301 if !{ ssl_fc }

    frontend https
        # bind *:12345 ssl crt /etc/CA/private/test.example.com.pem
        bind *:12345
        mode tcp
        option tcplog
        tcp-request inspect-delay 2s
        tcp-request content accept if { req.ssl_hello_type 1 }
        timeout client 2h
        http-request set-header X-Forwarded-Proto https
        acl ssh_payload payload(0,7) -m bin 5353482d322e30
        acl ACL_Web ssl_fc_sni -i test.example.com
        use_backend openssh if ssh_payload
        use_backend openssh if !{ req.ssl_hello_type 1 } { req.len 0 }
        use_backend Web_cluster if ACL_Web { req.ssl_hello_type 1 }

    backend Web_cluster
        mode tcp
        server webserver 192.168.0.4:443

    backend openssh
        mode tcp
        timeout server 3h
        server openssh 192.168.0.3:22

SFTP and Web work, but if I bind the frontend https with SSL certs, i.e.

    bind *:12345 ssl crt /etc/CA/private/test.example.com.pem

both SFTP and Web cannot connect.
Any hints?
Thanks!
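
An added example, not part of the original post and not HAProxy code: a Python model of the three `use_backend` rules in the `https` frontend, applied to the raw first bytes of a connection as they arrive on a plain `bind *:12345`. It assumes `ACL_Web` is meant to match the SNI in the raw ClientHello (the value HAProxy exposes as `req.ssl_sni`); the function names and the sample hello are constructed for illustration.

```python
import struct

SSH_PREFIX = bytes.fromhex("5353482d322e30")  # b"SSH-2.0", the ssh_payload pattern

def ssl_hello_type(buf):
    """Mimics req.ssl_hello_type: 1 if buf starts with a TLS ClientHello, else 0."""
    # record type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    return 1 if len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 3 and buf[5] == 1 else 0

def client_hello_sni(buf):
    """Host name from the server_name extension of a raw ClientHello, or None."""
    if ssl_hello_type(buf) != 1:
        return None
    try:
        p = 5 + 4 + 2 + 32                            # record hdr, handshake hdr, version, random
        p += 1 + buf[p]                               # session_id
        p += 2 + struct.unpack_from(">H", buf, p)[0]  # cipher_suites
        p += 1 + buf[p]                               # compression_methods
        end = p + 2 + struct.unpack_from(">H", buf, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from(">HH", buf, p)
            p += 4
            if ext_type == 0:                         # server_name: list len, type, name len, name
                n = struct.unpack_from(">H", buf, p + 3)[0]
                return buf[p + 5:p + 5 + n].decode("ascii").lower()
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                          # truncated or malformed hello
    return None

def choose_backend(first, web_sni="test.example.com"):
    """Evaluate the three use_backend rules in order on the connection's first bytes."""
    if first[:7] == SSH_PREFIX:                       # use_backend openssh if ssh_payload
        return "openssh"
    if ssl_hello_type(first) != 1 and len(first) == 0:  # client waits for the server banner
        return "openssh"
    if client_hello_sni(first) == web_sni:            # ACL_Web and hello type 1
        return "Web_cluster"
    return None                                       # no rule matched, no backend

def build_client_hello(host):
    """Constructed sample: a minimal ClientHello carrying only an SNI extension."""
    name = host.encode()
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack(">HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

The HAProxy documentation notes that `req.ssl_hello_type` applies only to raw contents in the request buffer, not to contents deciphered by the SSL layer, so it does not work on `bind` lines that carry the `ssl` option.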