In the current configuration, we are using www.abc.com (suppose it is 10.10.10.1) as the DNS name of the HAProxy server. It can deal with requests for www.abc.com, like this:
www.abc.com/url1 ------> backend server (host1/host2)
Can we add requests for another domain to this HAProxy?
Suppose we want this HAProxy to deal with www.def.com/url2. Can we achieve it with this?
1) Bind www.def.com to 10.10.10.1 as well.
2) For HTTPS, we will apply one certificate for www.abc.com and www.def.com.
3) Create a policy that forwards URLs beginning with url2 to the backend servers host3/host4?
Should look something like this:
# You can put multiple certs on your bind line like this.
# Each certificate file needs its own "crt" keyword.
bind 10.10.10.1:443 ssl crt /path/to/abc.com.pem crt /path/to/def.com.pem
# "is_abc" or "is_def" becomes true if the request Host header matches.
acl is_abc hdr(host) -i www.abc.com
acl is_def hdr(host) -i www.def.com
# If a host matches, route to that backend.
use_backend abc if is_abc
use_backend def if is_def
# If no host matches, use this backend.
default_backend no_route
backend abc
    server host1 ...
    server host2 ...
backend def
    server host3 ...
    server host4 ...
backend no_route
    # Refuse any request that reached the default backend.
    http-request deny deny_status 403
Edit: There should not be a space in the bind line between the IP and port: 10.10.10.1:443
1 Like
You can also specify a folder on the bind line and place all your concatenated .pem files into it. For example:
bind *:443 ssl crt /etc/haproxy/certificates/ alpn h2,http/1.1
If you do this, the client will pick the correct certificate based on SNI (Server Name Indication). Make sure that you don’t leave multiple certificates for the same domain in that folder. If you do, the client could potentially pick the wrong one, and then you’ll get errors if the one it chooses is expired or misconfigured in some way.
2 Likes
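The pieces from the thread combined into one frontend, as an added example that is not from any of the posters: it routes on host plus path prefix (step 3 of the question) and loads the certificates from a directory. The section names (fe_https, be_abc, be_def, be_no_route), the 192.0.2.x server addresses and the strict-sni option are assumptions made for the example.

```haproxy
# Added example. Section names and 192.0.2.x addresses are placeholders,
# not values from the thread.
frontend fe_https
    mode http
    # Every .pem file in the directory is loaded. strict-sni refuses the TLS
    # handshake when the client's SNI matches none of them, instead of
    # falling back to a default certificate.
    bind 10.10.10.1:443 ssl crt /etc/haproxy/certificates/ strict-sni alpn h2,http/1.1

    # Host header checks (case-insensitive).
    acl is_abc hdr(host) -i www.abc.com
    acl is_def hdr(host) -i www.def.com
    # Path prefix checks. path_beg is a plain prefix match, so /url2 also
    # matches /url2x; use "path_beg /url2/" if only that subtree is wanted.
    acl is_url1 path_beg /url1
    acl is_url2 path_beg /url2

    # Both conditions must hold: the right host AND the right path prefix.
    use_backend be_abc if is_abc is_url1
    use_backend be_def if is_def is_url2
    # Unknown host, or known host with any other path: refuse.
    default_backend be_no_route

backend be_abc
    mode http
    server host1 192.0.2.11:80 check
    server host2 192.0.2.12:80 check

backend be_def
    mode http
    server host3 192.0.2.13:80 check
    server host4 192.0.2.14:80 check

backend be_no_route
    mode http
    http-request deny deny_status 403
```

A Host header that carries a port (www.def.com:443) does not match these ACLs and ends up in the 403 backend. The file can be checked before a reload with `haproxy -c -f <file>`.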