Configure as a SNI proxy

docker-archive / dockercloud-haproxy

HAproxy image that autoreconfigures itself when used in Docker Cloud

https://cloud.docker.com/

652 stars 181 forks source link

Configure as a SNI proxy #165

Closed 0x4139 closed 7 years ago

0x4139 commented 7 years ago

I have the following usecase:

application A with it's own trusted SSL running on a.com
application b with it's own trusted SSL running on b.com

i want to configure the haproxy so i can use a SNI proxy. i have no clue how to do this with this current configuration

tifayuki commented 7 years ago

@0x4139 Simply put all your SSL certificates to the haproxy container, and haproxy will handle SNI itself.

See: https://github.com/docker/dockercloud-haproxy#ssl-termination

0x4139 commented 7 years ago

i don't want haproxy to handle the certificates i just want to handle the SNI.

haproxy should look into the host of the handshake and forward the request to the appropriate service
the uscase is that i want to create a middleware in the service to fetch certificates from letsencrypt for example

tifayuki commented 7 years ago

I think you are talking about reverse proxy using SNI with SSL passthrough.

This can be config in the TCP mode in haproxy, see discussion here: http://serverfault.com/questions/625362/can-a-reverse-proxy-use-sni-with-ssl-pass-through

However, we don't support it directly. You can give a try to see if it can be configured using some envvars like EXTRA_XXX_SETTINGS mentioned in the README manually, but personally I don't think it is going to work well.

And a PR is always welcomed. Thank you.