How to send https traffic to correct destination based on the subdomain it was sent to?


#1

Hi,
I have https traffic coming into my network on port 443. Now, based on the subdomain of the query, I need to send it to the correct server on the local network.
Any idea how to accomplish this?


#2

If I have understood your question, you should use acl. This is well documented!

Here is an example:
frontend app1
    acl app1 hdr(host) -i subdomain2.domain.com
    default_backend app1
    use_backend app1 if app1

frontend app2
    acl app2 hdr(host) -i subdomain1.domain.com
    default_backend app2
    use_backend app2 if app2

backend app1

backend app2

Regards


#3

Are you terminating TLS on haproxy (as in, do you install the certificate and private key on haproxy), or are you just trying to forward encrypted traffic to different backend HTTPS servers, based on the hostname/SNI?


#4

I am trying to forward encrypted traffic to other https servers based on the subdomain the traffic was sent to.
Thank you.


#5

#6

Thank you !!!
This seems to work.
One more question: how do I log which rules get matched?
At the moment I only get:
haproxy[20235]: Connect from 216.8.166.139:22625 to 192.168.199.3:443 (https-in/TCP)


#7

Enable option tcplog.

I forgot to mention: please make sure your SSL certificates on the servers don’t overlap, otherwise a browser may use an existing SSL session to backend/server A to make a request that you’d expect to go to backend/server B.
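
The setup discussed in this thread (forwarding still-encrypted traffic by SNI and logging which backend was picked), as an added example that is not part of any post above. The frontend name and hostnames are taken from the thread; the server addresses are assumed placeholders, and existing global/defaults sections with a log target and timeouts are assumed.

```haproxy
# Added example: TLS passthrough routed on the SNI in the ClientHello.
# HAProxy holds no certificate or private key; the servers terminate TLS.
frontend https-in
    bind :443
    mode tcp

    # Hold the connection until the TLS ClientHello has arrived, so the
    # SNI field can be read without decrypting anything.
    tcp-request inspect-delay 5s
    tcp-request content capture req.ssl_sni len 64 if { req.ssl_hello_type 1 }
    tcp-request content accept if { req.ssl_hello_type 1 }

    # tcplog-style line with the captured SNI appended. %b/%s is the
    # backend/server that was selected, i.e. which rule matched.
    log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq sni=%[capture.req.hdr(0)]"

    use_backend app1 if { req.ssl_sni -i subdomain2.domain.com }
    use_backend app2 if { req.ssl_sni -i subdomain1.domain.com }
    # No default_backend: a ClientHello with a missing or unknown SNI
    # is not forwarded to either server.

backend app1
    mode tcp
    server app1 192.168.199.11:443 check   # assumed address

backend app2
    mode tcp
    server app2 192.168.199.12:443 check   # assumed address
```

Because routing happens once per TCP connection, a browser that reuses a connection opened for one hostname stays on that backend, which is why the certificates on the two servers should each cover only their own hostname.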