<![CDATA[HAproxy "Type" frontend setting]]>When configuring a frontend in HAProxy there are 3 types, I'm a bit confused.

I want to forward everything that hits port 443 on the frontend to port 443 on the backend, no ssl offloading or termination, just a basic load balancer. I handle ssl on the backends.

Do I want ssl/https(TCP mode) or just straight tcp mode? The mode I'm looking for is "SSL passthrough", but I don't see that available.

]]>https://forum.netgate.com/topic/151383/haproxy-type-frontend-settingRSS for NodeMon, 13 Apr 2026 12:07:28 GMTWed, 18 Mar 2020 00:39:11 GMT60<![CDATA[Reply to HAproxy "Type" frontend setting on Sat, 21 Mar 2020 20:58:45 GMT]]>@vinceepic
Yes TCP mode would work.. But do you have a reason for not using "ssl/https(TCP mode)" which would give the same frontend/backend configuration regarding the passing of the ssl traffic without any changes, but would allow to set some SNI based acl's in the webgui?

]]>https://forum.netgate.com/post/898385https://forum.netgate.com/post/898385Sat, 21 Mar 2020 20:58:45 GMT<![CDATA[Reply to HAproxy "Type" frontend setting on Wed, 18 Mar 2020 01:23:54 GMT]]>Just to answer my own question here, if you are reading the HAproxy docs and want what they call "ssl passthrough" for your frontend, what you want to select for the "type" is "tcp". ssl connections will be load-balanced and sent as-is to the configured backends.

]]>https://forum.netgate.com/post/897494https://forum.netgate.com/post/897494Wed, 18 Mar 2020 01:23:54 GMT