Have haproxy pass a variety of request types

  • This back-end action currently works to present https://subdom.dom.org

    http-request header set
    name: Host, fmt: sub.dom.org	

    Now, to additionally accommodate requests such as https://dom.org:8443, which additional action parameters are best? Any source of haproxy recipes (in a pfsense context) would be greatly appreciated.

  • So, I generated an additional certificate using the "standalone HTTP server" method, which allows HTTP port specification. Maybe this is not the most efficient approach, but it works for my current purpose. (A drawback of this approach is that the acme cert has to be manually renewed since a NAT port rule is used to validate the cert, and disabled otherwise.)

  • em you waiting for man who will take you by hand for configuring your haproxy from scratch? Go to google\youtube and check(read\watch) manuals. In short way you issue letsencrypt isn't correct. It must be implemented in HAproxy by LUA script or via DNS validation but then you need provide API access to your DNS provider and this provider need to be supported by ACME plugin - otherwise as you already understand you will have to manually trigger cert renew which isn't OK at all. For work with HTTPS offloading you need create new shared https fronend on HAproxy and configure it same way as you done for HTTP, and HTTP create rule to 301 all traffic to HTTP location.

  • @dragoangel Thank you, you are correct. I am my way to becoming versed with HAProxy.

Log in to reply