I am looking for a very “special” configuration.
The clients connect to the Company’s main HAProxy. From there our SEC team has a centralized SQUID instance to DMZ/Company network, no direct connections allowed.
HAProxy :443 -> SNI Based routing, without SSL termination -> SQUID WebProxy that can connect to DMZ apache.
Now the clients do get the TLS connection IP of the HAProxy, the SNI routing works, but I am not able to figure out the best way to inject the HTTP Connect handshake before passing the encrypted tunnel to SQUID.
I would like to do the following:
HAProxy gets the TLS connection, including SNI information.
Extract host from SNI.
Create HTTP Connect to Squid with that SNI information.
Stream the encrypted data from input to the backend squid.
Is there a way to do that in HAProxy / Lua?
Thanks for your help
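The protocol steps listed in the post (read the SNI, open a CONNECT tunnel through Squid, then stream the untouched TLS bytes), sketched in Python as an added example; it is not part of the original post and is not HAProxy or Lua code. It treats the SNI as client-controlled input and checks it against an allow-list before it reaches the CONNECT line. Assumptions: the whole ClientHello is in one buffer, the function names and the `allowed` set are hypothetical, and the sample ClientHello is constructed.

```python
import re
import struct
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")

def sni_from_client_hello(data: bytes):
    """Return the SNI host from one buffered TLS ClientHello record, else None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:      # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                        # headers, version, random
        pos += 1 + data[pos]                        # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                        # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0:                       # server_name extension
                name_len = struct.unpack_from("!H", data, pos + 3)[0]
                name = data[pos + 5:pos + 5 + name_len]
                ok = data[pos + 2] == 0 and len(name) == name_len
                return name.decode("ascii") if ok else None
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                        # truncated or malformed input
    return None

def connect_request(host: str, allowed: set, port: int = 443) -> bytes:
    """Build the CONNECT preamble; the SNI is validated before it is used."""
    host = host.lower()
    if len(host) > 253 or not HOST_RE.fullmatch(host) or host not in allowed:
        raise ValueError("SNI host not permitted")
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def tunnel_established(reply: bytes) -> bool:
    """True when the proxy's status line is a 200, i.e. the tunnel is open."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/1.") and parts[1] == b"200"

def sample_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello (one cipher suite, SNI extension only)."""
    name = host.encode("ascii")
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

After `tunnel_established` returns true, the buffered ClientHello is the first data forwarded through the tunnel, followed by the rest of the client stream unchanged.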