In a server with only one ipv4 and running haproxy, i want to redirect an url and proxy another in TCP level, for ssl passthrough purpose.
frontend https-frontend
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend proxy-backend if { req.ssl_sni -i proxied-url.com }
redirect prefix https://url-rewrited.com code 301 if { req.ssl_sni -i domain-for-redirect.com }
But redirect prefix requires http mode, and proxy passthrough requires tcp mode.
[WARNING] 347/153600 (1324) : config : 'redirect' rules ignored for frontend 'https-frontend' as they require HTTP mode.
If I use two frontends binding in 443, errors occur when loading pages.
How can I proceed?
EDIT
I tried to do a http backend for redirection
frontend https-frontend
bind *:443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend proxy-backend if { req.ssl_sni -i proxied-url.com }
use_backend redirect-backend if { req.ssl_sni -i domain-for-redirect.com }
backend redirect-backend
mode http
option ssl-hello-chk
redirect prefix https://url-rewrited.com code 301 if { req.ssl_sni -i domain-for-redirect.com }
But when I go to domain-for-redirect.com I get ERR_SSL_PROTOCOL_ERROR. How can I load the certificate in the backend?
Best Answer
you need to add the ssl option with valid or self signed ssl certificate: instead : bind *:443 use: bind *:443 ssl crt /etc/ssl/private/certFileName.pem