I'm trying to do something like this:
- Clients send HTTP request to HAProxy.
- HAProxy does the TLS stuff to convert the request into https and forward to a server. HTTP to the client.
- The server sends https response to HAProxy, then the response is forwarded as HTTP to client.
Currently, I'm not so sure how to achieve that goal with HAProxy. I tried to create a frontend listen on a custom port and then forward to a backend server. This is my HAProxy configuration:
frontend manager_https
bind *:8443
mode tcp
log global
maxconn 2000
timeout client 50000
default_backend https_be
backend https_be
timeout connect 5000
timeout server 50000
retries 3
server rtmp-manager 127.0.0.1:12345 check-ssl verify none
Unfortunately, this does not work. When clients send HTTP request, HAProxy also forward the HTTP request to backend server, not HTTPS.
How can I change the configuration to make it works as expected?
Another question: Is there any ways to make the offload transparent with client using HAProxy?
I would really appreciate any help!
Best Answer
Specify the
ssl
directive in the definition of your backend server, like this:Note that the
check-ssl
option affects the health checks only, and ifssl
is specified, it can be omitted, since health checks are automatically done via SSL.HAProxy should act as a transparent reverse proxy, so clients should not recognize that the requests are in fact handled by backend servers.