Often I need to take tcpdump to analyze haproxy communication to clients and to backend servers. As we use haproxy as SSL termination point (haproxy SSL ofloading), at low levels (so tcpdump level) we see communication with client encrypted. There are simple solution so I can do a tcpdump having unencrypted communication ? Has haproxy some mechanism ?
I have 3 haproxy LBs with 2 L4 LBs balancing on haproxy LBs so I want to avoid if possible to make more complex infrastructure introducing some other intermediate proxy to do that, so I make the communication path as simple and equal to normal request path as possible. Roberto