TCP routing based on FQDN

Hi, I’m trying to route TCP traffic on port 122/tcp to remote SSH server based on the FQDN.

Here is my HAProxy configuration :

frontend my_ssh_frontend
    bind *:122
    mode tcp
    option tcplog
    acl my_ssh_acl hdr(host) myHostname.myDomain.com
    use_backend my_ssh_backend if my_ssh_acl

backend my_ssh_backend
    mode tcp
    server myserver1 x2.y2.z2.t2:22 check

But it is as if the ACL condition is never true and therefore, the traffic is not routed to the backend :

 ssh.exe -p 122 -l admin-media myHostname.myDomain.com -vvv 2>&1 | egrep.exe -vw "identity file|Failed to open"
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug2: resolving "myHostname.myDomain.com" port 122
debug2: ssh_connect_direct
debug1: Connecting to myHostname.myDomain.com [x1.y1.z1.t1] port 122.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
kex_exchange_identification: Connection closed by remote host

How can I do that ?

You cannot do that.

hdr(host) means the ACL is looking at the HTTP header Host, which is possibly if the traffic is unencrypted HTTP.

But SSH is not HTTP, and SSH does not have any header on the client side that indicates the hostname you are connecting to, which is why what you are trying to achieve is not possible.

Found this one Route SSH Connections with HAProxy (In-Depth Configuration)

In the blog post the SSH connection encapsulated in a SSL connection, to allow context switching between backends, that is correct.