Haproxy + Change Host Request Value
-
Hello,
I configure a ADFS service with haproxy inside pfsense.
Without SSL Offloading (Layer4 TCP) it's working fine but with certificate of web server IIS.Now I try to activate SSL Offloading for use pfsense's certificate.
Just there are one thing specific with ADFS than in the navigator the URL https:// <ip>not working, we must aboslutly use the FQDN.I try to found where I can define to haproxy than he must change the Host Request for use FQDN (HTTP/1.1 Host).
I try many situation and I block, now I have this config :
backend WAP_http_ipvANY mode http log global timeout connect 30000 timeout server 30000 retries 3 acl Backend1acl hdr_beg(host) -i adfs http-request del-header Host if Backend1acl http-request add-header Host adfs.domaine.com if Backend1acl server WAP 192.168.1.2:443 ssl verify noneI try with http set-header or replace-header also.
Second question, where I can check if haproxy have SNI for discuss with backend server ?
Thank you for your help</ip>
-
If it works with mode TCP, then the hostname in the http request as used by the client is apparently ok.. So in my opinion that would not need to be changed.
If SNI is required perhaps adding to the 'advanced' textbox at the server configuration something like: "sni hdr(Host)" would work.?
Something like this:server WAP 192.168.1.2:443 ssl verify none sni hdr(Host)Or make it a fixed domain name.?
server WAP 192.168.1.2:443 ssl verify none sni str(fs.yourdomain.tld) -
Hello,
thank you for your reply.
I test hdr without success but this line working :sni ssl_fc_sni check-sni vhost.yourdomain.localThank you