Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy and using SNI on backends

    Scheduled Pinned Locked Moved Cache/Proxy
    13 Posts 4 Posters 7.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      PiBa
      last edited by

      Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..

      1 Reply Last reply Reply Quote 0
      • S
        Spix
        last edited by

        @PiBa:

        Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..

        Would be great, or even Amazing. Then it would be possible to Health check Microsoft WAP-servers without destroying it´s bindning ti 0.0.0.0:443

        1 Reply Last reply Reply Quote 0
        • S
          Spix
          last edited by

          @PiBa:

          Haproxy 1.8rc3 should be able to use "check-sni". http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni but aint released yet. Maybe i can change the haproxy-devel to use it..

          Hello,When are you guys planing to make this available?  :)

          1 Reply Last reply Reply Quote 0
          • P
            PiBa
            last edited by

            haproxy 1.8.0release is available in the haproxy-devel package.. but there is a issue in that version with mail-alerts.. and a few other quirks that are still being fixed in haproxy itself..

            1 Reply Last reply Reply Quote 0
            • A
              anexus115
              last edited by

              Hello,
              Do you have some info if now we can force the SNI between haproxy and backend servers ?
              I have one backend server which cannot communicate without SNI.

              Thanks

              1 Reply Last reply Reply Quote 0
              • P
                PiBa
                last edited by

                put this into the server advanced field on the backend.?:sni vhost1.yourdomain.local check-sni vhost1.yourdomain.localorsni ssl_fc_sni check-sni vhost1.yourdomain.localor```
                sni hdr(Host) check-sni vhost1.yourdomain.local

                1 Reply Last reply Reply Quote 0
                • A
                  anexus115
                  last edited by

                  Hello,

                  Thank you for your reply,
                  The line with ssl_fc_sni working fine (haproxy devel).

                  Regard’s,

                  1 Reply Last reply Reply Quote 0
                  • S
                    Spix
                    last edited by

                    Hello, when wil this SNI functionality be implemented in production release package for HaProxy?

                    I would lika to have SNI support, and support for SNI Health check to backend.

                    Would be awesome to have!

                    1 Reply Last reply Reply Quote 0
                    • P
                      PiBa
                      last edited by

                      Well check-sni depends on 1.8 so probably when upstream BSD ports decides to switch the 'haproxy' port to 1.8 and then a little while after that..

                      1.7 supports 'sni' on backend server line
                      1.8 supports 'sni' and 'check-sni' on backend server line

                      'sni' on frontend bind line is supported by both..

                      1 Reply Last reply Reply Quote 0
                      • S
                        Spix
                        last edited by

                        THX  :)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.