acl host_{cleanedUpHostname} hdr(host) -i {hostname}
use_backend {backend} if host_{cleanedUpHostname}
Fix this for standard cases ( no map, no path, no auth ).
When using acme certs, you often rely on SNI for certificate validation, so I don't know if we should ignore outdated crawlers/clients and accept this "503 noise" in the logs, or follow haproxy's author advice and only rely on the host header for routing.
Is there any way to disable the SNI routing behavior when using maps? I believe we are seeing a problem based on this behavior when using an AWS ELB in HTTPS mode in front of Marathon-LB.
I have 503 responses with NOSRV in haproxy logs, all about SNI and crawlers.
It seems some crawlers are still wrong with SNI http://searchengineland.com/drop-bing-moving-https-sni-caused-224105 https://www.ssllabs.com/ssltest/clients.html
Haproxy author does not recommends to use SNI for routing http://marc.info/?l=haproxy&m=144490809910124&w=2
Changing
HAPROXY_HTTPS_FRONTEND_ACL
toFix this for standard cases ( no map, no path, no auth ).
When using acme certs, you often rely on SNI for certificate validation, so I don't know if we should ignore outdated crawlers/clients and accept this "503 noise" in the logs, or follow haproxy's author advice and only rely on the host header for routing.
IMO, we should use the host header.