Hey all,
I’m struggling with a scenario where I have to set up HAProxy 2.4 with SNI, where our backend IIS servers use wildcard certificates.
For now, I’m able to achieve the desired result by using tcp mode on both frontend and backend configs:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: proxy
  name: haproxy
data:
  frontend.cfg: |
    global
      log stdout local0 info
      stats socket /run/haproxy/admin.sock mode 660 level admin
      stats timeout 2m
    defaults
      log global
      timeout connect 86400000
      timeout client 86400000
      timeout server 86400000
    frontend https
      bind *:4443
      mode tcp
      option tcplog
      tcp-request inspect-delay 5s
      tcp-request content accept if { req_ssl_hello_type 1 }
      acl eg req.ssl_sni -m end .domain.com
      use_backend eg if eg
  eg.cfg: |
    defaults
      timeout connect 86400000
      timeout client 86400000
      timeout server 86400000
    backend eg
      mode tcp
      option tcp-check
      balance roundrobin
      stick-table type ip size 50k expire 10m
      stick on src
      server eg_0 192.168.1.1:443 weight 1 maxconn 100 check verify none
      server eg_1 192.168.1.2:443 weight 1 maxconn 100 check verify none
```
But the main issue is that our backend web servers require cookies, which is something that we can’t have by using tcp mode.
By any chance, has anyone been able to configure a similar setup?
Thanks in advance.