ssl - How to use multi-condition with if in use_backend (Haproxy)?

Question

Welcome To Ask or Share your Answers For Others

ssl - How to use multi-condition with if in use_backend (Haproxy)?

asked Jan 27, 2021 in Technique[技术] by 深蓝 (71.8m points)

I am using Haproxy to separate http and https with different domain setting, but domain limitation with http not working well. My setting as following. Any idea?

frontend ha_8080
  mode tcp
  bind *:8080
  tcp-request content accept if { req_ssl_hello_type 1 }
  tcp-request inspect-delay 100ms
  tcp-request content accept if HTTP
  acl is_using_ssl req.ssl_hello_type gt 0

  acl is_abc hdr_dom(host) -i abc.com
  use_backend http_server if !is_using_ssl is_abc  #it works and only works on abc.com,
  use_backend local_server1 if is_using_ssl is_abc #https will not working
  use_backend local_server1 if is_using_ssl        #it works, but I need it work only on abc.com

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

482 views

1 Answer

深蓝 · Answer 1 · 2021-01-27T04:12:14+0000

hdr_dom(host) not work for https(ssl).

I should change to using req_ssl_sni.

My final setting as following.

frontend ha_8080
  mode tcp
  bind *:8080
  tcp-request content accept if { req_ssl_hello_type 1 }
  tcp-request inspect-delay 100ms
  tcp-request content accept if HTTP
  acl is_abc hdr_dom(host) -i abc.com
  acl is_abc_ssl req_ssl_sni -i abc.com
  use_backend http_server if is_abc 
  use_backend local_server1 if is_abc_ssl

Categories

ssl - How to use multi-condition with if in use_backend (Haproxy)?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags