Haproxy + Change Host Request Value

  • Hello,

    I configure a ADFS service with haproxy inside pfsense.
    Without SSL Offloading (Layer4 TCP) it's working fine but with certificate of web server IIS.

    Now I try to activate SSL Offloading for use pfsense's certificate.
    Just there are one thing specific with ADFS than in the navigator the URL https:// <ip>not working, we must aboslutly use the FQDN.

    I try to found where I can define to haproxy than he must change the Host Request for use FQDN (HTTP/1.1 Host).

    I try many situation and I block, now I have this config :

    backend WAP_http_ipvANY
    	mode			http
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	acl			Backend1acl	hdr_beg(host) -i adfs
    	http-request del-header Host  if  Backend1acl 
    	http-request add-header Host adfs.domaine.com  if  Backend1acl 
    	server			WAP ssl  verify none

    I try with http set-header or replace-header also.

    Second question, where I can check if haproxy have SNI for discuss with backend server ?

    Thank you for your help</ip>

  • If it works with mode TCP, then the hostname in the http request as used by the client is apparently ok.. So in my opinion that would not need to be changed.

    If SNI is required perhaps adding to the 'advanced' textbox at the server configuration something like: "sni hdr(Host)" would work.?
    Something like this:

    server			WAP ssl  verify none sni hdr(Host)

    Or make it a fixed domain name.?

    server			WAP ssl  verify none sni str(fs.yourdomain.tld)

  • Hello,

    thank you for your reply.
    I test hdr without success but this line working :

    sni ssl_fc_sni check-sni vhost.yourdomain.local

    Thank you

Log in to reply