Hello,
I’m looking for advice. I have like 100 iDRACs for managing servers, and I need to keep them supplied with SSL certificates; every year I need to go and manually replace the SSL certs.
So I’ve come up with an idea to use one HAProxy as a single point where I replace the SSL wildcard certificate.
It works fine until I try to open the Virtual Console, which is most likely a websocket for VNC port 5900. Is there any way to establish that?
I’ve got one frontend and multiple backends, selected depending on the URL… for example:
if the URL is server01-mgmt.domain.com, then redirect to the web iDRAC IP
defaults
    mode http
    log global
    option tcplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 60s
    timeout server 60s
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 50000
frontend:
frontend https-all-internals
    bind 10.1.128.70:80
    bind 10.1.128.70:443 ssl crt /etc/haproxy/ssl/wildcard.cert
    mode http
    option httplog
    use_backend proxmox_back if { hdr_dom(host) -i server01-mgmt.domain.com }
backend:
# section name taken from the use_backend rule in the frontend
backend proxmox_back
    server server01-ipmi 10.10.10.90:443 check ssl verify none
    http-request add-header X-Forward-Proto https if { ssl_fc }