HAproxy "Type" frontend setting

vinceepic · Mar 18, 2020, 12:39 AM

When configuring a frontend in HAProxy there are 3 types, I'm a bit confused.

I want to forward everything that hits port 443 on the frontend to port 443 on the backend, no ssl offloading or termination, just a basic load balancer. I handle ssl on the backends.

Do I want ssl/https(TCP mode) or just straight tcp mode? The mode I'm looking for is "SSL passthrough", but I don't see that available.

vinceepic · Mar 18, 2020, 1:23 AM

Just to answer my own question here, if you are reading the HAproxy docs and want what they call "ssl passthrough" for your frontend, what you want to select for the "type" is "tcp". ssl connections will be load-balanced and sent as-is to the configured backends.

PiBa · Mar 21, 2020, 8:58 PM

@vinceepic
Yes TCP mode would work.. But do you have a reason for not using "ssl/https(TCP mode)" which would give the same frontend/backend configuration regarding the passing of the ssl traffic without any changes, but would allow to set some SNI based acl's in the webgui?