Combining Mixing SSL & TCP Modes in HAProxy

memphis2k · May 1, 2021, 2:55 AM

Hello,

Like all, trying to improve my security by opening less ports in my firewall. I have pfSense HAProxy setup with just SSL offloading for a couple of sites and it appears to be working fine. Does anyone have a recipe for getting both TCP and SSL working together on the same port, aka 443?

Example.
Frontend1 http://domain1.com route to https://domain1.com on backend1
Frontend2 http://domain2.com route to https://domain2.com on backend1
Frontend 3 Surveillance security server on port 10,000 to backend2

I have found some links below. This has been on my list for a long time. Its a little complex, IMO.

https://discourse.haproxy.org/t/mixing-mode-tcp-and-http-ssl-termination-and-passthrough/2698
https://julian.pawlowski.me/geeking-out-with-haproxy-on-pfsense-the-ultimate/

I don't know if these are compatible with pfSense version of HAProxy?

Anyone have an easier to follow recipe/example?

memphis2k · May 18, 2021, 1:55 AM

@memphis2k

Anybody? Is this not possible? Just looking for some thoughts