HAProxy community

Cannot banlance https to backend

As the https://github.com/haproxy/haproxy/issues/827 described.

I would like to balance https stream using the same pem with the haproxy does. But after haproxy frontend https was proxyed as http stream to my https server. How to make it https again?

Hello,

So you’re trying to have HTTPS requests going to your backend servers? It should be pretty straightforward:

server s1 192.168.1.1:443

Still, it’s rather unusual, to say the least. Is there a reason for not using your proxy as an SSL termination OR use L4 at the haproxy level and do all the SSL decryption and encryption on the backend servers? I’m asking this because right now, the traffic hits your HAProxy encrypted, it gets decrypted so the proxy can see what’s going on with the request, it get encrypted again, sent to the backend server which decrypts it and does some stuff… You’re basically doing one encrypt / decrypt cycle with no apparent gain and you’re using CPU cycles that could be put to better use.

Hi

Yes, it maybe a little wired. But I am trying to find a nice way to distinguish the two stream. If I do as what you said, put the ssl on backend sever and do nothing on the Haproxy. It cannot achieve these things. So, how to force it do ssl again on backend sever with ssl on frontend? I look through all possible config on the document and forum, none of them works. I don wanna use sni and these backend and frontend share the same certification.