SNI based rule - two application behind one port

nexo1960 · September 20, 2022, 10:10am

Hello all,
I have a requirement to run two different applications on a host behind port 443. When requesting the FQDN of the system, the request needs to be forwarded unchanged to another port. On the other hand, if the alias is addressed, the request should be forwarded to my nginx using the HAproxy protocol.
Currently I use sniproxy for this purpose, which works reliably so far. I would like to switch to HAproxy, but I am overwhelmed by the number of configuration options. Can you help me to transfer the sniproxy configuration into a simple/basic haproxy one?

user root

pidfile /var/run/sniproxy.pid

listen 0.0.0.0 443 {
   proto tcp
   table hosts
   access_log {
     filename /var/log/sniproxy/access.log
     priority debug
   }
}

table hosts {
   host.domain.foo 127.0.0.1:5665
   alias.domain.foo 127.0.0.1:8443 proxy_protocol
}

Thanks!

nexo1960 · September 21, 2022, 10:32am

I managed to solve it myself:

frontend sniproxy
  bind *:443
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend alias if { req.ssl_sni -m beg alias }
  default_backend fqdn
backend fqdn
  mode tcp
  server host 127.0.0.1:5665
backend alias
  mode tcp
  server host 127.0.0.1:8443 send-proxy-v2

my issue was that i useed send-proxy instead of send-proxy-v2

Topic		Replies	Views
Using HAproxy to terminate SNI and port forwarding Help!	6	1159	January 18, 2024
How to get HAProxy to route TCP based on SNI (using openssl s_client to test)? Help!	2	1624	December 13, 2019
SNI routing to servers - only ever sent to first server Help!	3	3650	May 26, 2017
TCP frontend verify SNI, then redirect HTTP and HTTPS traffic Help!	0	533	December 5, 2023
SNI 503 error when using port 443 on backend Help!	12	7636	December 6, 2017

SNI based rule - two application behind one port

Related Topics