Use HAProxy to different FTPS servers

I am running a datacenter for different customers and use HAProxy to different servers based on the domain they connect with. This works really great.

Now I want to extend this to allow our customers to also setup internal FTPS servers through a proxy.

The reason we do this is to preserve external IPs as much as possible.

As I understand it, FTP does support Host Headers as long as the FTP server have implemented that feature which Microsoft IIS (in this case) does.

My question is, how can I configure a HAProxy ACL to lookup the host header and direct traffic based on domain name?

I have tried the following without success:

frontend fe_ftp
bind (haproxy-ip):21 transparent
bind (haproxy-ip):50010-50020 transparent
option tcplog
mode tcp
#ACL Lists
acl req.ssl_sni -i
use_backend be_ftp if

#default_backend be_ftp

backend be_ftp
mode tcp
balance source
hash-type consistent
stick on src
stick-table type ip size 10240k expire 30m
server check port 21 inter 10s rise 2 fall 2

If I remove the comment on “default_backend be_ftp” everything works like a charm.

No, it does not.

Neither the control traffic on port 21 looks like SSL with a SNI value, nor does the data traffic on the higher ports.