Trying to re-establish SSL for connection to TCP backend

jefferywk · February 20, 2016, 1:13pm

Greetings all,

We have a requirement to terminate SSL for a TCP protocol (ActiveMQ Openwire) using HAProxy, and then forward the request over SSL to the backend ActiveMQ broker.

It looks something like this:

client --> Openwire over SSL --> HAProxy (terminates SSL) --> Openwire over SSL --> backend ActiveMQ broker

Is this possible with HAProxy?

I’m able to terminate SSL and forward the unencrypted request to the backend, but I cannot figure out how to make the request from HAProxy to the backend over SSL.

I am using HA-Proxy version 1.5.14

Regards,
Jeff

darix · February 22, 2016, 2:49pm

you can do that. you might have to tell it which hostname to expect in the ssl cert from the backend. (tested with 1.6) see verifyhost option for the server statement.

Topic		Replies	Views
Terminating opportunistic TLS (STARTTLS) Help!	2	3625	April 3, 2019
How to delivery HTTPS to the backend servers after SSL Termination Help!	2	3886	November 6, 2020
Https header inspection for backend https routing Help!	0	276	February 5, 2022
Cannot banlance https to backend Help!	2	377	August 24, 2020
Haproxy ssl termination and upstream forward proxy Help!	8	4591	January 12, 2021

Trying to re-establish SSL for connection to TCP backend

Related topics