Scenario is a firewall host running HAProxy trying to map to an internal web 
server. The web server is configured for SSL with a Let’s Encrypt certificate 
using the external name with a DNS entry pointing to the routable IP of the 
firewall/HAProxy host. Internal name for the website is different than the 
external name. I’m either trying to do passthrough SSL via HAProxy or whatever 
makes more sense.

WORLD -> SSL -> (www.website.com on routable IP) HAProxy -> (web.stuff.intra on 
internal IP) internal host

I’m sure this is probably the scenario a million people use but after trying 
very many examples from searches, I’m still unable to get this to function 
properly.

Example configuration:

frontend localhost
    bind 66.66.66.66:443
    option tcplog
    mode tcp
    default_backend nodes

backend nodes
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server web01 192.168.10.30:443 check

Basically lifted from 
https://serversforhackers.com/c/using-ssl-certificates-with-haproxy

I’m very new to HAProxy and while I’ve heard of it for years, I never got 
around to playing with it.

Basically the results of this config tell me the site is unreachable. I’m not 
sure exactly how to debug to figure out where the breakdown is.

Any tips are much appreciated.

-jeremy
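
One way to find where the breakdown is, as an added example that is not part of the original message: probe each hop of the passthrough path and report whether it fails at TCP connect, during the TLS handshake, or at certificate verification. The addresses and the SNI name are the ones in the message; the function names are hypothetical, and the script assumes it is run from the HAProxy host so the internal address is reachable.

```python
import socket
import ssl

# Addresses and names are the ones in the message; run from the HAProxy host.
SNI = "www.website.com"
HOPS = [
    ("backend web01", "192.168.10.30", 443),
    ("HAProxy frontend", "66.66.66.66", 443),
]

def probe(addr, port, sni, timeout=3.0):
    """Return (stage, detail); stage is 'tcp', 'tls', 'cert' or 'ok'."""
    try:
        raw = socket.create_connection((addr, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))  # nothing listening, filtered, or no route
    ctx = ssl.create_default_context()  # verifies chain and name against sni
    try:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert", exc.verify_message)  # e.g. name mismatch, expired
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))  # port open but handshake never completed
    finally:
        raw.close()

def first_failure(hops, sni, probe_fn=probe):
    """Probe hops in order; return (label, stage, detail) of the first
    hop that does not reach 'ok', or None if every hop completes."""
    for label, addr, port in hops:
        stage, detail = probe_fn(addr, port, sni)
        if stage != "ok":
            return (label, stage, detail)
    return None

if __name__ == "__main__":
    print(first_failure(HOPS, SNI) or "all hops completed a verified handshake")
```

In passthrough mode the certificate a client sees is the web server's own, so both hops should verify against the external name. A `tcp` result at the frontend points at the bind address or packet filtering, while a `tls` result there with the backend passing means HAProxy accepted the connection but no handshake was relayed.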
