Haproxy SSL pass through

Hi Team,

I was wondering if you could help me with an HAProxy load balancer with SSL passthrough. I have a wildcard for my domain. I have configured all the settings for SSL passthrough on my HAProxy server. I have also installed the SSL certificate on my backend server, but the problem is that I can browse my page through its domain name with SSL encryption but I can’t browse it with its IP address. Since I can’t browse it with the IP address, I am not able to point to that IP address in the backend settings of my HAProxy configuration. I would like to know if there is any solution for it.

Thank You.

Are you sure that the Subject Alternative Name of the certificate matches the IP address too?

Without seeing your config it is hard to say. If you configured HAProxy for SSL passthrough, i.e. TCP level 4 load balancing, and your DNS points at the HAProxy, then there should be no issue even if your SSL certificate does not contain the IP address.
What error does HAProxy return?

Sorry for the late reply. I haven’t configured SAN. I will try it.

Thank you.

Hi Goodmirek,
Below is my HAProxy configuration.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    mode tcp
    log global
    option dontlognull
    log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"

    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend localhost
    bind *:80
    bind *:443
    option tcplog
    mode tcp
    default_backend nodes

backend nodes
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server web01 192.168.20.102:443 check

My problem is that when I map 192.168.20.102 to my subdomain, it can be browsed by that subdomain name with SSL encryption. But I can’t browse the page by its IP. So in the HAProxy configuration, in my backend configuration, I can’t call the backend server IP.

So is there any way to solve it?

Ty.
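
Added example, not part of the thread and not HAProxy code: a simplified Python sketch of the name check a TLS client performs, showing why a wildcard certificate is accepted for the subdomain but rejected for `https://192.168.20.102` unless the certificate carries an IP SAN. In `mode tcp` HAProxy only forwards the TLS bytes and `ssl-hello-chk` does not validate the certificate, so the `server web01 192.168.20.102:443` line is unaffected by this check. The domain `example.com` is a constructed placeholder and the matching rules are simplified from RFC 6125.

```python
import ipaddress


def _is_ip(value):
    """True if value parses as an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """'*' may replace only the whole left-most label (simplified RFC 6125)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Simplification: require at least three labels so "*.com" is refused
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(target, san_dns, san_ip=()):
    """Would a validating client accept the certificate for this target?"""
    if _is_ip(target):
        # IP literals are compared only with iPAddress SAN entries,
        # never with dNSName entries, so a wildcard cannot cover them.
        addr = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(ip) == addr for ip in san_ip)
    return any(dns_name_matches(name, target) for name in san_dns)


if __name__ == "__main__":
    wildcard = ["*.example.com"]          # constructed SAN list
    backend_ip = "192.168.20.102"         # backend address from the thread
    for target, ips in [
        ("app.example.com", ()),          # browsed by name through HAProxy
        (backend_ip, ()),                 # browsed by IP, wildcard only
        (backend_ip, (backend_ip,)),      # browsed by IP, IP SAN added
    ]:
        verdict = "accepted" if cert_covers(target, wildcard, ips) else "rejected"
        print(f"{target:18} {verdict}")
```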