Haproxy can proxy to multiple separate VMs?

Hello everyone.

I can not find an option to make the proxy work for two (or more for the future virtual machines)

Now we have:
Pool of VM sites that hang on ip 192.168.1.35 and are perfectly proxied by Haproxy. Each site has its own certificate.

I started another VM 192.168.1.33 - (crm, office, etc.) - well damn I can’t get it to work, all the time a certificate is given to one of the machines with the first VM

Here is the config - what am I doing wrong?

frontend MY-SSL
bind *:443
        mode tcp
#       mode http
#       option forwardfor
#       reqadd X-Forwarded-Proto:\ https
        use_backend MY-SSL

backend MY-SSL
        mode tcp
        stick-table type ip size 1m expire 1h
        stick on src
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        option ssl-hello-chk
        server mysite.ru 192.168.1.35:443 send-proxy check



frontend MY-CRM
bind *:443
        mode tcp
#       mode http
        option forwardfor
        reqadd X-Forwarded-Proto:\ https
       use_backend MY-CRM

backend MY-CRM
        mode tcp
        stick-table type ip size 1m expire 1h
        stick on src
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        option ssl-hello-chk
        server crm2.mysite.ru 192.168.1.33:443 send-proxy check
root@HAPROXY:~# curl -I https://crm2.mysite.ru
curl: (51) SSL: no alternative certificate subject name matches target host name 'crm2.mysite.ru'

Hi,
You are binding two frontends on the same port (443).
You must configure one frontend, and then configure the routing to target the appropriate backend.

1 Like

Hello!
Thanks for answering!
Please tell me how to do this routing? I either searched badly on the Internet or did not find it :slight_smile:
Or does it need to be implemented through a firewall?

The keyword “use_backend”, with an ACL condition, will allow you to choose which backend should be used HAProxy version 2.0.19 - Configuration Manual

You may find useful information about tcp/sni routing at HAProxy version 2.0.19 - Configuration Manual and you can look at some of Lukas posts in this discourse, he posted plenty of config sample.