HAProxy community

Ssl termination with multiple domains

We have a single haproxy installation and we need to put it in front of a cPanel server hosting many sites , the configuration worked for a single site with SSL but when i added another one the second site is seeing only the first SSL and not it’s own.

log /dev/log	local0
log /dev/log	local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    tune.ssl.default-dh-param 2048

log global
mode http
option httplog
option http-server-close
option http-buffer-request
timeout http-request 5s
timeout connect 5s

option	dontlognull
    timeout connect 5000
    timeout client  30s
    timeout server  10s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend stats
bind *:8404
stats enable
stats uri /stats
stats refresh 10s
stats admin if LOCALHOST

frontend public
bind *:443 ssl crt /etc/haproxy/ssl/
reqadd X-Forwarded-Proto:\ https
default_backend cpanel

frontend all
bind *:80
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
http-request track-sc0 src table cpanel
http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
use_backend letsencrypt-backend if letsencrypt-acl
default_backend cpanel

backend letsencrypt-backend
server letsencrypt

backend cpanel
stick-table type ip size 1m expire 10m store http_req_rate(10s)
server cpanel check