HAProxy SSL termination with different ports, is it possible?


#1

First, overview architecture:

--> https --> Apache --> https:7145 --> Balance (HAProxy):7145 --> backend:7145 (Tomcat https).

  1. The incoming https connection in Apache:
    #Framework
    ProxyPass /token https://balance:7145/token smax=5 max=10 ttl=120 retry=300
    ProxyPassReverse /token https://balance:7145/token

  2. HAProxy conf:

    frontend https
        # (contains a cert for all the domains you want to host, or a wildcard cert that covers them)
        bind 172.17.37.93:7145 ssl crt /etc/httpd/certificados/apiqlt/apiqlt.ogmaster.local.pem
        mode http
        default_backend server_https

    backend server_https
        redirect scheme https if !{ ssl_fc }
        mode http
        server server1 172.17.35.231:7145 check

  1. The problem is that https is on a different port and the one that encrypts is Apache.
  2. Can HAProxy only bridge the https connection, is it possible? With different https ports?
  3. I tested with tcp mode without success for ssl backends.
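
The two ways HAProxy can sit between Apache and an HTTPS-only Tomcat, as an added example that is not part of the original post or the poster's configuration. Addresses and the certificate path are taken from the post; the section names and the CA file `/etc/haproxy/tomcat-ca.pem` are assumed placeholders.

```haproxy
# Option A: terminate TLS on HAProxy, then re-encrypt to Tomcat.
# There are two separate TLS sessions: Apache <-> HAProxy and HAProxy <-> Tomcat.
frontend https_in
    bind 172.17.37.93:7145 ssl crt /etc/httpd/certificados/apiqlt/apiqlt.ogmaster.local.pem
    mode http
    default_backend tomcat_tls

backend tomcat_tls
    mode http
    # "ssl" makes HAProxy speak TLS to the server; without it, plain HTTP is
    # sent to Tomcat's HTTPS port and the connection fails.
    # "verify required" with "ca-file" validates Tomcat's certificate chain
    # against that CA (assumed path). "verify none" would still encrypt but
    # accept any certificate, so it gives no protection against interception.
    server server1 172.17.35.231:7145 ssl verify required ca-file /etc/haproxy/tomcat-ca.pem check

# Option B (alternative; do not enable together with A, it uses the same bind):
# pass the TLS stream through untouched. HAProxy holds no certificate, cannot
# inspect or route on HTTP, and Apache negotiates TLS directly with Tomcat,
# so the certificate Apache sees is Tomcat's.
#
# frontend https_passthrough
#     bind 172.17.37.93:7145
#     mode tcp
#     default_backend tomcat_passthrough
#
# backend tomcat_passthrough
#     mode tcp
#     server server1 172.17.35.231:7145 check
```

In Option A the listener only accepts TLS, so a `redirect scheme https if !{ ssl_fc }` rule never matches on it.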