Brendan, I'm also interesting for this topic as our company is preparing for switching most traffic to be SSL enabled soon.
What I found so far are these quite informative articles: 1) http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ 2) http://loadbalancer.org/blog/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy Also you did not posted your iptables config, routing rules on backend servers (as they need reply to "spoofed" IP's back to Haproxy servers (tcp mode, right?) all are very important for tproxy config to be working. Let me know your results if you will get first. Btw, I will be glad to see working configs from other community members. Thank you all in advance! -- Evgeniy On Sun, Jul 17, 2016 at 10:19 PM, Brendan Kearney <bpk...@gmail.com> wrote: > i have iptables configured to redirect outbound HTTP to HAProxy, and then > load balance to a couple of squid instances. the below works well: > > backend tproxy > acl https ssl_fc > http-request set-uri http://%[req.hdr(Host)]%[path]?%[query] unless > https > ... > > i have tried to perform HTTPS interception using the below, in addition to > the redirect of HTTPS traffic to the HAProxy VIP: > > http-request set-method CONNECT if https > http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if > https > > this does not seem to work as expected. where can i find more info on > performing HTTPS interception, for transparent proxying? any help would be > appreciated. > > thanks, > > brendan > -- -- With regards, Eugene Sudyr
