Thank you very much for HAProxy and this forum ;-).
I successfully configured multiple domains with multiple certs (requires SNI / Server Name Indication).
The frontend config looks like this:

    frontend prt-http
        mode http
        option httplog
        bind *:80
        bind *:443 ssl crt /cert/firstdomain.com.pem crt /cert/seconddomain.com.pem crt /cert/thirddomain.com.pem
        option forwardfor
        # and then ACLs for different domains
I tested how to change the SSL configuration for everything by, for example, adding this into

    global
        ...
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
And I also tested adding extra configuration to the line with certificates:

    bind *:443 ssl crt /cert/firstdomain.com.pem crt /cert/seconddomain.com.pem crt /cert/thirddomain.com.pem no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

But that changes the configuration globally / for all certificates / domains. I need to change the SSL config for a single domain.
Could you please tell me whether there is a way to change the configuration for a single certificate (single domain) without the need for another public IP?
I know I can do that by adding another `frontend`. The problem is that I’d need two public IP addresses so I can bind the first frontend to `bind 126.96.36.199:443` and the second to `bind 188.8.131.52:443`, but adding another IP is a problem at this moment and I’d rather avoid it if possible.
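
One way to scope TLS settings to a single certificate on a shared `bind` line is HAProxy's `crt-list` file, sketched here as an added example that is not part of the original post. The crt-list path is hypothetical, and the SNI filters assume each certificate serves the bare domain named in its file name.

```haproxy
# --- file: /etc/haproxy/crt-list.txt (hypothetical path) ---
# One certificate per line:
#   <certificate file> [<per-certificate ssl options>] <SNI filter>
# Only firstdomain.com is restricted to TLS 1.3; the other two
# certificates keep whatever the bind line / global defaults allow.
/cert/firstdomain.com.pem [ssl-min-ver TLSv1.3] firstdomain.com
/cert/seconddomain.com.pem seconddomain.com
/cert/thirddomain.com.pem thirddomain.com

# --- file: haproxy.cfg (frontend from the post, crt replaced by crt-list) ---
frontend prt-http
    mode http
    option httplog
    bind *:80
    # Single IP and port; the certificate and its options are selected by SNI.
    # no-tls-tickets stays here as a bind-line setting, so in this sketch
    # it still applies to all three certificates.
    bind *:443 ssl crt-list /etc/haproxy/crt-list.txt no-tls-tickets
    option forwardfor
    # and then ACLs for different domains

# --- check after reload (run from a client; expect the TLS 1.2 handshake
# --- to fail for firstdomain.com and succeed for seconddomain.com) ---
#   openssl s_client -connect <public-ip>:443 -servername firstdomain.com -tls1_2
#   openssl s_client -connect <public-ip>:443 -servername seconddomain.com -tls1_2
```

With this layout the global `ssl-default-bind-options` must not already forbid TLS 1.2, otherwise the other two domains lose it as well.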