SNI based rule - two applications behind one port

Hello all,
I have a requirement to run two different applications on a host behind port 443. When requesting the FQDN of the system, the request needs to be forwarded unchanged to another port. On the other hand, if the alias is addressed, the request should be forwarded to my nginx using the HAProxy protocol.
Currently I use sniproxy for this purpose, which works reliably so far. I would like to switch to HAProxy, but I am overwhelmed by the number of configuration options. Can you help me to transfer the sniproxy configuration into a simple/basic HAProxy one?

user root

pidfile /var/run/sniproxy.pid

listen 0.0.0.0 443 {
   proto tcp
   table hosts
   access_log {
     filename /var/log/sniproxy/access.log
     priority debug
   }
}

table hosts {
   host.domain.foo 127.0.0.1:5665
   alias.domain.foo 127.0.0.1:8443 proxy_protocol
}

Thanks!

I managed to solve it myself:

frontend sniproxy
  bind *:443
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend alias if { req.ssl_sni -m beg alias }
  default_backend fqdn
backend fqdn
  mode tcp
  server host 127.0.0.1:5665
backend alias
  mode tcp
  server host 127.0.0.1:8443 send-proxy-v2

My issue was that I used send-proxy instead of send-proxy-v2.
