SSL offloading in both directions

Hello all!

I need help regarding this configuration that I have started, before I complete it.

I need to realize the following situation:

I have multiple internal servers that can listen only in clear (HTTP and SNMP).
Meanwhile, from external to internal I need to expose TLS, then redirect internally in clear.
Last but not least, the internal servers sometimes act as servers and sometimes as clients.

When they act as servers, I found no problem with my initial configuration (I expose an example port with an SSL cert in HAProxy).

But I guess, is the following one correct when my server starts as a client? I need to realize this flow:

(internal server) — http – HAProxy – https - external:


frontend intern_http
    bind 127.0.0.1:8000
    http-request redirect scheme https unless !{ ssl_fc }
    default_backend ext_https

ext_https

backend external_https
    server target_1 <target_https>:6601 check inter 5s fall 3 rise 1

With this configuration when:

  1. I act like a client, then send a curl in HTTP to 127.0.0.1:8000, it doesn’t work.
  2. I act like a client, then send a curl in HTTPS to 127.0.0.1:8000, it works.

<target_https> is my custom server that listens in HTTPS.

My doubt regards the target at the client level… is it correct to point to HTTPS, or do I have to point to HTTP and then HAProxy has to redirect to HTTPS? (even if my initial answers and configuration are correct for my scope)

Thx to all!

This doesn’t make any sense. What exactly are you trying to achieve?

I’m sorry for the confusing explanation.

In short:

My backends sometimes act as clients towards an external server and sometimes act as servers.

I want them to be able to speak in clear (internal) and, after HAProxy (which applies SSL offloading), to speak in a secure way with the target server.

My_backend (clear) ↔ HA PROXY ↔ (tls) external_server

For both directions (client/server), do I need to expose the certificate only in the HAProxy frontend VIP?

I hope it is more clear, thx!
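
The two flows described in this thread, written out as an added example (not part of any post and not the poster's configuration): TLS terminated on the way in, TLS originated on the way out. The certificate and CA paths, the internal address `10.0.0.10:8080`, the `:443` listener and the name `target.example.com` (standing in for `<target_https>`) are assumptions; `127.0.0.1:8000` and port `6601` are taken from the question.

```haproxy
# Added example. Paths, addresses and host names are placeholders (assumptions).
global
    # Refuse old protocol versions on both the inbound and outbound TLS legs
    ssl-default-bind-options   ssl-min-ver TLSv1.2
    ssl-default-server-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Direction 1: external client (TLS) -> HAProxy -> internal server (clear)
frontend ext_tls_in
    # "ssl crt" presents HAProxy's own certificate + key to external clients
    bind :443 ssl crt /etc/haproxy/certs/site.pem
    default_backend internal_clear

backend internal_clear
    # No "ssl" keyword: plain HTTP towards the internal server
    server app_1 10.0.0.10:8080 check inter 5s fall 3 rise 1

# Direction 2: internal server (clear) -> HAProxy -> external server (TLS)
frontend intern_http
    # No "ssl" keyword and no redirect rule: internal clients send plain HTTP
    bind 127.0.0.1:8000
    default_backend external_https

backend external_https
    # Present the name the external server expects in the Host header
    http-request set-header Host target.example.com
    # "ssl"             : HAProxy opens the TLS session to the target
    # "verify required" : refuse the connection if the certificate does not validate
    # "ca-file"         : CA bundle used to validate the target's certificate
    # "sni"/"verifyhost": name sent in the handshake and checked in the certificate
    server target_1 target.example.com:6601 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(target.example.com) verifyhost target.example.com check inter 5s fall 3 rise 1
```

In this layout HAProxy presents a certificate only on the inbound `bind` line; the outbound `server` line needs a CA bundle to authenticate the target, and a `crt` of its own only if the external server asks for a client certificate.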