HAProxy – Use as HTTPS Forward Proxy and SSL Termination

Tags: haproxy, proxy, ssl

I'm trying to do something like this:

  • Clients send an HTTP request to HAProxy.
  • HAProxy does the TLS stuff to convert the request into HTTPS and forwards it to a server. HTTP to the client.
  • The server sends an HTTPS response to HAProxy, then the response is forwarded as HTTP to the client.

Currently, I'm not so sure how to achieve that goal with HAProxy. I tried to create a frontend listening on a custom port and then forward to a backend server. This is my HAProxy configuration:

frontend manager_https
    bind *:8443
    mode tcp
    log global
    maxconn 2000
    timeout client 50000
    default_backend     https_be

backend https_be
    timeout connect         5000
    timeout server          50000
    retries                 3
    server                  rtmp-manager 127.0.0.1:12345 check-ssl verify none

Unfortunately, this does not work. When clients send an HTTP request, HAProxy also forwards the HTTP request to the backend server, not HTTPS.
How can I change the configuration to make it work as expected?

Another question: Is there any way to make the offload transparent with the client using HAProxy?

I would really appreciate any help!

Best Answer

Specify the ssl directive in the definition of your backend server, like this:

 server                  rtmp-manager 127.0.0.1:12345 check-ssl ssl verify none

Note that the check-ssl option affects the health checks only, and if ssl is specified, it can be omitted, since health checks are automatically done via SSL.

HAProxy should act as a transparent reverse proxy, so clients should not recognize that the requests are in fact handled by backend servers.
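
The server line in the answer encrypts the hop to the backend, but `verify none` accepts any certificate, so the backend is not authenticated. The following is an added example, not part of the original question or answer, showing that setting beside a verified form; the CA bundle path and the hostname `manager.internal.example` are assumed placeholders.

```haproxy
# Added example: plain HTTP from clients, TLS to the backend.
# Assumptions: /etc/haproxy/backend-ca.pem and manager.internal.example
# are placeholders for your own CA bundle and backend certificate name.

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend manager_http
    bind *:8443                      # clients speak plain HTTP on this port
    default_backend https_be

backend https_be
    retries 3

    # Weak: traffic is encrypted, but any certificate is accepted, so
    # whoever answers on the backend address is trusted without proof.
    # server rtmp-manager 127.0.0.1:12345 ssl verify none check

    # Verified: the chain must validate against the trusted CA bundle and
    # the certificate must match the expected hostname. "check" alone is
    # enough here because health checks follow the server's ssl setting.
    server rtmp-manager 127.0.0.1:12345 ssl verify required ca-file /etc/haproxy/backend-ca.pem verifyhost manager.internal.example sni str(manager.internal.example) check
```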