HAPROXY strange things in latest pfSense
-
With package 0.63_1 and 23.09.1 .. (haproxy-2.8.2)
I was trying to make use of new things that could replace my old custom ACLs in the dropdown (by editing an existing ACL).
But when saving the frontend, the ACL disappears (and if I try to restart HA, the rule does not exist).
So I thought I might need to create those ACLs from scratch - but then the option(s) are not in the dropdown.
FYI - I am referring to the Server Name Indication expressions.
-
@planetinse
Which type of frontend is this? I'd expect to see the SNI ACL only in tcp frontends. In http frontends it's better to use the host name instead.
-
@viragomann This is from an existing https frontend
Basically I have been using this setup for years, with SNI termination based on some guide from back in the HA 1.8 days.
A TCP frontend takes the first blow > routes traffic to a backend that returns the traffic back to an HTTPS frontend (what I think happens here is some kind of TLS termination?).
In the HTTPS frontend I have ssl_fc_sni custom rules to figure out, based on subdomain, where to send the traffic - all this to support DDP (websocket traffic) from IoT devices as well as web browser clients accessing the same backend.
Using host here (historically) does not work for the IoT devices, only for web browsers - ssl_fc_sni has been the only stable way.
I was hoping to ditch this now with the newer HA :)
-
Funny thing is, even when they are "gone", the ACLs using these briefly show up when loading the frontend, so this must be a bug one way or the other.
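
The two-stage layout discussed in this thread, written out as a plain haproxy.cfg sketch. This is an added example, not configuration posted by anyone in the thread or generated by the pfSense package; all frontend/backend names, hostnames, addresses, ports and the certificate path are assumed placeholders.

```haproxy
# Constructed example: every name, address, port and path is a placeholder.
defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# Stage 1: TCP frontend. TLS is not decrypted here, so the only SNI
# available is the one parsed from the raw ClientHello (req.ssl_sni).
frontend fe_tcp_443
    mode tcp
    bind :443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_loop_https if { req.ssl_sni -m end .example.test }

# Hands the still-encrypted stream to the HTTPS frontend below.
backend be_loop_https
    mode tcp
    server loop 127.0.0.1:8443

# Stage 2: HTTPS frontend. TLS terminates on this bind line, so both
# ssl_fc_sni (SNI of the terminated connection) and the HTTP Host
# header are available for ACLs.
frontend fe_https_8443
    mode http
    bind 127.0.0.1:8443 ssl crt /path/to/cert.pem
    acl sni_iot  ssl_fc_sni -i iot.example.test
    acl host_web hdr(host)  -i www.example.test
    use_backend be_iot if sni_iot
    use_backend be_web if host_web
    default_backend be_web

backend be_iot
    mode http
    server iot1 192.0.2.10:3000

backend be_web
    mode http
    server web1 192.0.2.20:8080
```

`ssl_fc_sni` is fixed once per TLS connection while the Host header is sent with every request, so on a reused connection the two can disagree; a backend chosen by SNI should not assume the Host header matches it.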