Hi there,
I am currently exploring the possibilities of HAProxy. This thing can do a lot.
Now I’ve reached a point where I do not know what to do next. I’ve compiled HAProxy from sources with version 1.7-dev6 (See -vv below).
The goal is to accomplish SSL/TLS bridging with some extensions as described here https://www.haproxy.com/doc/aloha/7.0/deployment_guides/tls_layouts.html#ssl-tls-bridging-or-re-encryption
The traffic between Client and HAProxy should be H2 or HTTPS/1.1, the traffic between HAProxy and Server can only be HTTPS/1.1 (thank you, legacy application!), and I need to use SNI.
My configuration so far:
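    frontend frontend_https-sni
        # Terminate TLS here; certificates are loaded from this directory
        bind *:443 ssl crt /etc/haproxy/ssl/
        mode http
        # Choose the backend by looking up the lowercased SNI in the map file
        use_backend %[ssl_fc_sni,lower,map_dom(/etc/haproxy/switch_ssl.map)]

    backend backend_ssl_1
        mode http
        # Re-encrypt to the server; "verify none" skips server certificate validation
        server web0 127.0.0.1:443 ssl verify none check

    backend backend_ssl_2
        mode http
        server web0 127.0.0.2:443 ssl verify none check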
This works fine. But as soon as I try to add "alpn h2,http1.1" to the bind param, the configuration does not work anymore. I have reached a bunch of different configurations, but none of them worked…
My questions are:
- Is it even possible to accomplish what I am trying to do? I haven’t found anyone doing it already. I would be really happy if I do not have to deploy nginx…
- If yes, can you give me some direction where I need to go, please?
Thank you very much!
Kind regards,
Max