Hi,
would it be possible to inherit the SSL information from an SSL
listener/frontend via PROXY protocol?
So for example:

    listen ssl-relay
        mode tcp
        ...
        server rsa unix@/var/run/haproxy_ssl_rsa.sock send-proxy-v2

    listen ssl-rsa_ecc
        mode tcp
        ...
        bind unix@/var/run/haproxy_ssl_rsa.sock accept-proxy ssl crt SSl-RSA.PEM user haproxy

    frontend http_https
        bind :80 # http
        bind unix@/var/run/haproxy_ssl.sock accept-proxy user haproxy # https
        redirect scheme https code 301 if !{ ssl_fc }

Here the ssl_fc and other SSL related ACLs do not work because the
actual SSL termination has been done in the above ssl-rsa_ecc listener.
Sharing that either internally or via the PROXY protocol would be really
handy, if that's possible.
For now we use the bind "id" to check whether it's the proxy connection
or not but the above would be much easier/better IMHO.
--
Regards,
Christian Ruppert
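
Added example, not part of the original message: the PROXY protocol v2 specification defines a PP2_TYPE_SSL TLV (0x20) for carrying TLS details from the terminating hop, and this sketch shows how a receiver could read it from a v2 header. The function names and the sample header bytes are constructed for illustration and are not HAProxy code.

```python
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"          # 12-byte PROXY v2 signature
ADDR_LEN = {0x1: 12, 0x2: 36, 0x3: 216}  # address block size: AF_INET, AF_INET6, AF_UNIX
PP2_TYPE_SSL, PP2_CLIENT_SSL = 0x20, 0x01
SUBTYPES = {0x21: "version", 0x22: "cn", 0x23: "cipher"}

def tlvs(buf):
    """Yield (type, value) pairs; reject TLVs that overrun the buffer."""
    off = 0
    while off < len(buf):
        if off + 3 > len(buf):
            raise ValueError("truncated TLV header")
        t, n = struct.unpack_from("!BH", buf, off)
        off += 3
        if off + n > len(buf):
            raise ValueError("TLV length exceeds header")
        yield t, buf[off:off + n]
        off += n

def ssl_info(header):
    """Return the SSL details carried in a PROXY v2 header, or None if absent."""
    if len(header) < 16 or header[:12] != SIG or header[12] >> 4 != 2:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack_from("!BBH", header, 12)
    payload = header[16:16 + length]
    if len(payload) != length:
        raise ValueError("truncated header")
    if ver_cmd & 0x0F == 0:                  # LOCAL command, e.g. health checks
        return None
    addr = ADDR_LEN.get(fam >> 4, 0)         # skip the address block, TLVs follow
    for t, v in tlvs(payload[addr:]):
        if t == PP2_TYPE_SSL and len(v) >= 5:
            client, verify = struct.unpack_from("!BI", v)
            info = {"ssl": bool(client & PP2_CLIENT_SSL), "verify": verify}
            for st, sv in tlvs(v[5:]):       # nested sub-TLVs
                if st in SUBTYPES:
                    info[SUBTYPES[st]] = sv.decode("ascii", "replace")
            return info
    return None

def build(with_ssl):
    """Constructed sample header: TCP/IPv4 192.0.2.10:51000 -> 198.51.100.5:443."""
    body = bytes([192, 0, 2, 10, 198, 51, 100, 5]) + struct.pack("!HH", 51000, 443)
    if with_ssl:
        val = struct.pack("!BI", PP2_CLIENT_SSL, 0) + struct.pack("!BH", 0x21, 7) + b"TLSv1.2"
        body += struct.pack("!BH", PP2_TYPE_SSL, len(val)) + val
    return SIG + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```

A receiver should only trust these fields on listeners that are reachable solely by the terminating proxy, such as the unix sockets used above, since any client able to connect can write its own header.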