HAProxy and using SNI on backends
-
For healthchecks.. your out of luck.. They cant (yet) use SNI.. so need to allow requests without it, or check health on the http port..
As for the actual user requests you could try setting the server with a advanced sni option. http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#5.2-sni -
Hello,
Anybody knows if the pfSense with Haproxy can do Health checks to WAP-servers, needs to be SNI compatible.
?
-
Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..
-
Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..
Would be great, or even Amazing. Then it would be possible to Health check Microsoft WAP-servers without destroying it´s bindning ti 0.0.0.0:443
-
Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..
Hello,When are you guys planing to make this available? :)
-
haproxy 1.8.0release is available in the haproxy-devel package.. but there is a issue in that version with mail-alerts.. and a few other quirks that are still being fixed in haproxy itself..
-
Hello,
Do you have some info if now we can force the SNI between haproxy and backend servers ?
I have one backend server which cannot communicate without SNI.Thanks
-
put this into the server advanced field on the backend.?:
sni vhost1.yourdomain.local check-sni vhost1.yourdomain.localorsni ssl_fc_sni check-sni vhost1.yourdomain.localor```
sni hdr(Host) check-sni vhost1.yourdomain.local -
Hello,
Thank you for your reply,
The line with ssl_fc_sni working fine (haproxy devel).Regard’s,
-
Hello, when wil this SNI functionality be implemented in production release package for HaProxy?
I would lika to have SNI support, and support for SNI Health check to backend.
Would be awesome to have!
-
Well check-sni depends on 1.8 so probably when upstream BSD ports decides to switch the 'haproxy' port to 1.8 and then a little while after that..
1.7 supports 'sni' on backend server line
1.8 supports 'sni' and 'check-sni' on backend server line'sni' on frontend bind line is supported by both..
-
THX :)