Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Haproxy basic question

    Scheduled Pinned Locked Moved Cache/Proxy
    5 Posts 2 Posters 646 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maverick_slo
      last edited by

      Hi!

      Is haproxy able to use sni on backends?
      I`m doing it like this now:

      Web server and each site has it`s own port:
      site1: port 8001
      site2: port 8002
      etc…

      Can I have one webserver in the backend which is using SNI and have all websites on same port 443 or 80 for non ssl?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • P
        PiBa
        last edited by

        Haproxy can likely do it, but what site will you perform the health-check against.? And if that single site fails, all other sites on that same server would be taken down as well. Not sure if that is the best way to handle such a thing.?. But that is for you to decide :).

        Its possible to add these options in the webgui into the advanced field of the server configuration:
        http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni
        http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-sni

        1 Reply Last reply Reply Quote 0
        • M
          maverick_slo
          last edited by

          I mean I have a situation where currently there is one webserver and around 80 sites on it.
          I want to move away from certbot to ACME and centralize SSL deployment.

          Now I`d have to reconfigure backend to use other ports or leave it like it is and put haproxy infront…

          1 Reply Last reply Reply Quote 0
          • P
            PiBa
            last edited by

            Okay well, as i wrote, haproxy can do it.. Have you added the configuration options? check-sni and sni .?

            1 Reply Last reply Reply Quote 0
            • M
              maverick_slo
              last edited by

              Not yet no time currently.
              Just exploring my options but will definitly try it.
              Thanks!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.