On 5 May 2016 at 23:27, Igor Cicimov <ig...@encompasscorporation.com> wrote: > > > On 5 May 2016 10:39 pm, "Hector Rivas Gandara" > <hector.rivas.gand...@digital.cabinet-office.gov.uk> wrote: > > > https://jve.linuxwall.info/ressources/taf/haproxy-aws/ > > Thank you for your answer, but this article describes a configuration where > > the ELB is setup in plain TCP mode > (no SSL), so it does not do reencryption but passes the stream to HAProxy. > > > > But my case is different ELB terminates SSL and opens a SSL connection to > > backend (see my original mail). > > Maybe you should think then why do you need tproxy at all.
I am not sure what you refer with 'tproxy' but: * If 'tproxy' is ELB, as said: We want to use ELB because they scalability and HA features provided by AWS, SSL terminatation and to restrict access to the end user certificates to only some specific roles. * If 'tproxy' is HAProxy, we want to use use HAProxy to be able to do some HTTP request rewriting. * If 'tproxy' is ELB in TCP/SSL mode, rather than HTTP/HTTPS mode, we need that because we must support websockets, and ELB does not support websockets. Thx -- Regards Hector Rivas | GDS / Multi-Cloud PaaS
