Thank you Baptiste. I am implementing this now. The procedure I was looking
at had me making it more complicated than it needed to be.
-Original Message-
From: Baptiste [mailto:bed...@gmail.com]
Sent: Thursday, November 29, 2012 2:29 AM
To: Rob Cluett
Cc: haproxy@formilux.org
Subject: Re: stunnel + haproxy + ssl + ddns + multiple domains
Hi Rob,
Just make you stunnel point to your frontend on the port 80, and you're
done.
cheers
On Thu, Nov 29, 2012 at 1:05 AM, Rob Cluett r...@robcluett.com wrote:
All, wondering if you can point me in the right direction. I have
stunnel installed with the x-forwarded-for patch. I also have haproxy
working so all incoming http requests are forwarded from my router to
happroxy. haproxy then determines where to route the request based on the
domain name.
Configs below. I'd like to implement something similar with stunnel
and haproxy so that all inbound requests can be routed in the same
manner for https.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
userhaproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
modehttp
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
frontend http_proxy
bind *:80
acl is_rbc-com hdr_dom(host) -i robcluett.com
acl is_rbc-net hdr_dom(host) -i robcluett.net
acl is_iom-com hdr_dom(host) -i iomerge.com
use_backend cluster1 if is_rbc-com
use_backend cluster2 if is_rbc-net
use_backend cluster3 if is_iom-com
backend cluster1
server web2 10.10.10.51:80
#server web5 192.168.1.128
backend cluster2
server web3 10.10.10.52:80
#server web6 192.168.1.129:80
backend cluster3
server web4 10.10.10.53:80
Rob Cluett
r...@robcluett.com
978.381.3005
*Please use this address for all email correspondence. The phone
number listed in the signature above replaces any other phone number
you may have for me.
This email contains a digitally signed certificate authenticating the
sender. This certificate prevents others from posing as or spoofing
the sender, guarantees that it was sent from the named sender and when
necessary encrypts the email such that only the sender and
reciepient(s) can read it's contents. If you receive an email from
this sender without the digitally signed certificate it is not from
the sender and therefore it's contents should be disregarded.
This e-mail, and any files transmitted with it, is intended solely for
the use of the recipient(s) to whom it is addressed and may contain
confidential information. If you are not the intended recipient,
please notify the sender immediately and delete the record from your
computer or other device as its contents may be confidential and its
disclosure, copying or distribution unlawful.
smime.p7s
Description: S/MIME cryptographic signature