SSL Termination: Multiple Domains Sharing Same IP and Port

lukastribus · January 5, 2022, 2:41pm

This configuration does not make sense to me, let’s clarify what your goals are first.

You do not appear to have any domains where you need to pass through SSL transparently, without SSL termination.

All the SSL termination should happen on haproxy, correct? There are no (real) backends that expect traffic on port 443?

Why all those duplicates backends?

Unless your requirements are way more complicated, just configure both certificates on the bind line:

frontend fe1
  bind *:80
  bind *:443 ssl crt /etc/haproxy/ssl/2.pem crt /etc/haproxy/ssl/1.pem force-tlsv12 force-tlsv12
  default_backend be1

backend be1
  balance roundrobin
  server 1 192.168.20.101:80 check
  server 2 192.168.20.102:80 check

Topic		Replies	Views
Ssl termination with multiple domains Help!	0	422	April 22, 2020
Ignore / pass-through SSL for some domains and terminate / decrypt for other Help!	2	2027	October 20, 2020
SSL termination on whole domain Help!	0	382	May 29, 2020
HAProxy SSL offloading/termination Help!	1	1400	March 31, 2017
SNI and SSL offloading/termination with multiple domains Help!	2	901	May 4, 2020

SSL Termination: Multiple Domains Sharing Same IP and Port

Related Topics