HAProxy for converting HTTP to HTTPS request with server requiring SNI

satya · January 15, 2018, 12:26pm

here is the haproxy.config file details :
global
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

defaults
mode http
log global
option httplog
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

frontend http_front

	bind localhost:443 ssl crt /etc/haproxy/certs/cert.pem
	reqadd X-Forwarded-Proto:\ https
	default_backend http_back

backend http_back
server server1 192.168.1.1:443 ca-file /etc/ssl/certs/root.pem ssl sni (server1)

Topic		Replies	Views
Getting HAProxy to use TLS towards backend fails Help!	1	237	May 1, 2023
HAProxy 1.6 with SNI and different SSL Settings per hostname Help!	1	8877	October 5, 2016
HAProxy 1.6, Backend SNI not working in my implementation Help!	2	3443	June 12, 2016
Configuration does not work when tested with openssl without servername Help!	6	1074	May 27, 2018
Can 1.6 do SNI on backend? Help!	11	13477	June 7, 2016

HAProxy for converting HTTP to HTTPS request with server requiring SNI

Related Topics