HAProxy community

Need some guidance on how to setup HAProxy with SSL port 6443 and serving as a browser proxy

I am new to HAProxy and using a docker image from

My requirement is that HAProxy is to function as a browsers Proxy , such that i will set HAproxy’s IP and port 6443 as a HTTP/HTTPS proxy in manual proxy settings in Firefox browser

Now in browser i want to put a URL - https://123-
such that the request first lands on HAProxy IP and port 6443
and then i want to navigate to my servers based on the Hosts requests received-
say- Host is 123- , navigate to backend server 8443
say Host is 456-, navigate to backend server 8443

Note- All Ips are just for example.

I have my config as below , but i keep getting SSL Handshake errors as soon as i type anything on the browser (after setting manual proxy), any help is appreciated-

maxconn 50000
log /dev/log local0
log /dev/log local1 notice
user haproxy
group haproxy
ssl-dh-param-file /usr/local/etc/haproxy/dhparam.pem
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-server-verify none
stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin

timeout connect 60s
timeout client 120s
timeout server 120s
timeout tunnel 1h
timeout http-keep-alive 5s
timeout http-request 15s
timeout queue 15s
timeout tarpit 15s
default-server inter 3s rise 2 fall 3
log global
mode http
option httplog

frontend stats
bind *:8404
stats enable
stats uri /stats
stats refresh 10s
stats admin if LOCALHOST

frontend ssl
bind *:6443 ssl crt /usr/local/etc/haproxy/cert.pem #This is a let’s Encrypt certificate which contains cert + key together in one file
mode http
use_backend backend_123 if { hdr(host) -i 123- }
use_backend backend_456 if { hdr(host) -i 456- }

backend backend_123
mode http
server srvr_123 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend backend_456
mode http
server srvr_456 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

That’s not what haproxy does. Haproxy is a reverse proxy, not a forward proxy.

You need to use squid or tinyproxy instead.