Haproxy basic question
-
Hi!
Is haproxy able to use sni on backends?
I`m doing it like this now:Web server and each site has it`s own port:
site1: port 8001
site2: port 8002
etc…Can I have one webserver in the backend which is using SNI and have all websites on same port 443 or 80 for non ssl?
Thanks!
-
Haproxy can likely do it, but what site will you perform the health-check against.? And if that single site fails, all other sites on that same server would be taken down as well. Not sure if that is the best way to handle such a thing.?. But that is for you to decide :).
Its possible to add these options in the webgui into the advanced field of the server configuration:
http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni
http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-sni -
I mean I have a situation where currently there is one webserver and around 80 sites on it.
I want to move away from certbot to ACME and centralize SSL deployment.Now I`d have to reconfigure backend to use other ports or leave it like it is and put haproxy infront…
-
Okay well, as i wrote, haproxy can do it.. Have you added the configuration options? check-sni and sni .?
-
Not yet no time currently.
Just exploring my options but will definitly try it.
Thanks!