On 1/27/11 3:30 PM, Willy Tarreau wrote:
On Thu, Jan 27, 2011 at 03:13:04PM -0800, Anthony Saenz wrote:
Well, my configuration has changed a bit but here's what I'm trying to
accomplish... I want to dynamically look up the host or IP that's being
requested. Right now I have our internal DNS pointing our domains to an
internal IP (for development purposes) but don't want SSL requests to
hit our internal servers. So, if a 443 request is made - simply push to
production.
Is there a way to dynamically set the host/IP in the server so it
perform a DNS lookup for the real IP and just simply passes through TCP?
Kind of like...
backend production_ssl
mode tcp
balance source
server web $REQUESTED_HOST:443
No you can't do that, that's more a job for a forward proxy such as Squid.
Also, you wouldn't even have the Host header here since you're in TCP mode,
and the request will be ciphered in SSL anyway.
I'm banging my head against the wall on how to get SSL to work without
hard-coding every single domain because we have over 1000 of them!
But do you have 1000 IP addresses for your servers ?
Willy
No, not all domains are on unique IPs because not all of them have SSL
but let's say 20 of them are. How can I have HAProxy differentiate those
20 different hosts/IPs and go to the correct one?
