HAProxy community

SSL Termination for MSSQL

Hi everyone,

what i am Trying to archive is to use haproxy 2.0.10 as SSL Proxy for an MS-SQL Server. The Connection to the backend has to be established without SSL.

I am usind the following (simple) config:

listen 30-MSSQL_tcp
bind 10.40.0.11:1433 ssl crt /etc/pki/bundle/wildcard.domain.tld.bundle.pem
mode tcp
option tcplog
option tcpka
server 11.22.33.44:1433 inter 1s rise 1 fall 1

It works when i disable SSL. Has anyone ever archived a Setup like that. Or is it just impossible?

Any help or Input is highly appreciated!

I have yet to become familiar with the all in on listen vip. I dont see any glaring config issues. Have you tried splitting it up into a frontend and backend section? Im not sure if it performs any different but suggesting an alternative.

Is the back end healthy? I know when i dont have a check it will not not the servers are up in my stats page. I added the check below…

frontend server123.something.com
mode tcp
option tcplog
option tcpka
bind 10.40.0.11:1433 ssl crt /etc/pki/bundle/wildcard.domain.tld.bundle.pem
default_backend server123

backend server123
mode tcp
balance roundrobin
server 11.22.33.44:1433 check inter 1s rise 1 fall 1

If it works for you when you disable SSL in the frontend section of haproxy, that simply means you did not enable SSL on your client.