I'm trying to configure Haproxy to run on public port 443 and send TCP traffic to the right place as follow:
- 2 Nginx instances with SSL termination. Traffic router to either depending of hostname. All web traffic is over HTTPS.
- OpenVPN
- OpenSSH
I think my config is pretty close, but somehow I can't get it to work. My web requests just timeout.
What am I doing wrong?
global
log /dev/log local0 debug # TURN OFF DEBUG!
log /dev/log local1 notice
#log loghost local0 info
maxconn 1024
defaults
log global
mode http
option httplog
option dontlognull
option tcplog
retries 3
option redispatch
maxconn 2000
timeout connect 5000
timeout client 50000
timeout server 50000
listen HAProxy-Statistics
bind *:1936
mode http
option httplog
option httpclose
stats enable
stats uri /
stats refresh 10s
stats show-node
stats show-legends
stats show-desc Haproxy Frontend
stats auth admin:admin
frontend ssl_relay
bind 0.0.0.0:443 name frontend-ssl
mode tcp
option tcplog
option socket-stats
# option nolinger
maxconn 300
log /dev/log local0 debug # overkill! turn this off when not needed
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend https_one if { req_ssl_sni -i home.example.com }
use_backend https_two if { req_ssl_sni -i nc.example.com }
use_backend openvpn if !{ req.len 0 }
use_backend openssh if { req.len 0 }
default_backend https_one
backend https_one
mode tcp
server home-https-server 10.0.0.4:4443 send-proxy
backend https_two
mode tcp
server nc-https-server 10.0.0.4:4444 send-proxy
backend openvpn
mode tcp
server openvpn-server 10.0.0.4:1194
backend openssh
mode tcp
server openssh-server 10.0.0.5:22
Best Answer
Speaking about OpenVPN, I came to the conclusion that putting it behind is counterproductive.