I would like terminate SSL at HAProxy, do some manipulation on the header, rewrite URL and re-encrypt traffic and send to backend servers as SSL?
I can't seem to find a way to do this. I can get regular SSL termination done, and send plain HTTP requests to backend. But I need to send SSL to backend.
I would like to have the following features:
- Extract x-forwarded-for headers, to get the real client IP behind proxy.
- Implement session stickiness using cookie.
- Do some URL rewriting.
- Send SSL traffic to backend using cookie based session stickieness.
Unless I terminate SSL at haproxy end, I cannot get URL rewriting done.
Any help from the good people here would be highly appreciated.
Best Answer
There's nothing special to do in haproxy.cfg. You simply configure whatever URL rewrites and header manipulations you want within your HAProxy frontend and then redirect traffic to your SSL backend. Here's an quick example: