HAProxy community

Reverse HAProxy


I have an IIS web site in a VM; on this machine I have 2 sites, www.site1.com and www.site2.com.

I have 1 WAN; both sites are hosted on this WAN IP.

So I want to make a configuration:

If someone types www.site1.com from outside, I want it to open the site1 web page.
If someone types www.site2.com, I want it to open the site2 web page.

Both are on the same VM.

I want to set up SSL for site 1 and site 2 as well.
I am not a guru in this area and need advice.

Please see my sample config, which is not working:
maxconn 10000
stats socket /tmp/haproxy.socket level admin
uid 80
gid 80
nbproc 1
hard-stop-after 15m
chroot /tmp/haproxy_chroot
server-state-file /tmp/haproxy_server_state

frontend shared-merged
bind name ssl crt-list /var/etc/haproxy/shared.crt_list - here is all cert path for both site
mode http
log global
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
acl ACL1 var(txn.txnhost) -m str -i site1.com
acl aclcrt_www.site1.com var(txn.txnhost) -m reg -i ^haproxy-pfsense(:([0-9]){1,5})?$
acl ACL1 var(txn.txnhost) -m str -i www.site2.com
http-request set-var(txn.txnhost) hdr(host)
use_backend www.site1.com_ipvANY if ACL1 aclcrt_site1
use_backend www.site2.com_ipvANY if ACL1

frontend http-to-https
bind name
mode http
log global
option http-keep-alive
timeout client 30000
http-request redirect scheme https

backend www.site1_ipvANY
mode http
id 100
log global
timeout connect 30000
timeout server 30000
retries 3
server www.site1.com id 101

backend www.site2.com_ipvANY
mode http
id 102
log global
timeout connect 30000
timeout server 30000
retries 3
server www.site2.com id 101 check-ssl verify none

I tried but cannot figure it out.

Can you tell us why you enabled SSL check on port 80 in backend site2?

You don’t have any health check enabled on your backend server line. I would enable them first and check the server status in haproxy stats page.
Then, you don’t need all these acls in your frontend. I don’t even understand what you need to do.
From my point of view, since your server already handles virtual hosting, just have one frontend, one backend and done. Then you can add more complexity if needed.
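
A sketch of the single-frontend, single-backend layout suggested in the reply above, added here as an example and not posted by anyone in the thread. Assumptions: `192.0.2.10` is a placeholder for the IIS VM address (the thread does not show it), IIS listens on plain HTTP port 80, the frontend and backend names are made up, and `http-check send` needs HAProxy 2.2 or later.

```haproxy
# Added example, not from the thread.
defaults
    mode http
    log global
    option forwardfor
    timeout connect 30s
    timeout client  30s
    timeout server  30s

frontend http-in
    bind :80
    # Send every plain-HTTP request to the HTTPS frontend
    http-request redirect scheme https code 301

frontend https-in
    # crt-list path taken from the original post; HAProxy picks the
    # certificate for www.site1.com or www.site2.com by SNI
    bind :443 ssl crt-list /var/etc/haproxy/shared.crt_list
    # Optional: refuse Host headers other than the two published sites
    acl known_host hdr(host) -i www.site1.com www.site2.com
    http-request deny unless known_host
    http-request set-header X-Forwarded-Proto https
    # IIS already does the virtual hosting, so one backend is enough
    default_backend iis

backend iis
    # HTTP health check that carries a Host header IIS can match to a site
    option httpchk
    http-check send meth GET uri / ver HTTP/1.1 hdr Host www.site1.com
    # Plain HTTP to IIS on port 80: "check" only, no check-ssl here
    # 192.0.2.10 is a placeholder address (assumption)
    server iis1 192.0.2.10:80 check
```

With `check` on the server line, the stats page shows whether HAProxy considers the IIS server up, which is the first thing the reply asks to verify.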