Hi, everyone.
I wonder if HAProxy can inject the specific HTTP Headers into HTTPS requests by SSL Termination and re-encryption.
For example, suppose that there is a REST API serving HTTPS only.
And we put the HAProxy in front of the REST API server.
At that time, I just want this HAProxy to decrypt users’ HTTPS requests and put additional HTTP Header.
And then the HAProxy should forward re-encrypted HTTPS requests to the backend servers.
(I don’t want a simple SSL Termination.)
In summary:
- Can HAProxy accept HTTPS requests and add HTTP Header in the frontend and then deliver re-encrypted HTTPS to the backend servers?
- If the backend servers need a client certificate for authentication, how can it be possible?
Is it possible?
Is there anybody who has some experience in the similar environment?
Thanks in advance for you help.
My HAProxy configurations are as follows:
listen api_ssl
mode http
bind *:443 ssl crt /etc/haproxy/apiserver.pem ca-file /etc/haproxy/ca.pem
redirect scheme https if !{ ssl_fc }
option http-server-close
option forwardfor
http-request set-header X-Forwarded-Proto https
http-request set-header X-Client-Certificate %[ssl_c_der,base64]
rspadd Strict-Transport-Security:\ max-age=15768000
default_backend api_back_ssl
backend api_back_ssl
mode http
server api 127.0.0.1:6443 ssl check verify none