HAProxy and SSL

From: Nicholas Fauchelle <nick#hyper.net.nz>
Date: Sat, 24 Jan 2009 00:38:12 +1300


Good Evening,

Yes, another haproxy and SSL question.
I have looked over the archives and want to post this.

We are going to set up our own little cluster with several machines to host several domains, and a couple of these will need SSL.

We plan on running a haproxy passing to a handful of apache machines.

We are going to have to use name-based vhosts for this config, and that is where our first issue with SSL starts; however, I believe that can be solved by using a different port.

E.g.
We might use *:443 for one domain, and *:445 for another.

So in haproxy's config, which will have all the different IPs, I should be able to

listen domain1 72.x.x.1:443
        mode http
        option httpchk HEAD /check.txt HTTP/1.0
        server www1 10.0.0.1:443 check
        server www2 10.0.0.2:443 check
        server www3 10.0.0.3:443 check


listen domain2 72.x.x.2:443
        mode http
        option httpchk HEAD /check.txt HTTP/1.0
        server www1 10.0.0.1:445 check
        server www2 10.0.0.2:445 check
        server www3 10.0.0.3:445 check

So to the user, when they type in domain1.com:443 or domain2.com:443, they would both be done with SSL, and the request is just passed on to apache on the correct port.

Would I need to change the mode from http to tcp?

Is this a workable solution?
The user always connecting to the same backend apache server isn't a problem for sessions.

I hope someone can shed some light on this for me.

Thanks
Nick

Received on 2009/01/23 12:38
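An added example, not part of the original post: a Python sketch of what a relay that passes SSL through without decrypting it can read from the first bytes of a client connection. It shows that the bytes arriving on port 443 are a TLS record rather than an HTTP request line, so the Host header that name-based virtual hosting relies on is not readable at that point. The function names and sample bytes are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS")

# Constructed samples: the start of a TLS 1.0 ClientHello record, and the
# plaintext check request from the httpchk line with a Host header added.
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0301") + b"\x00" * 41
SAMPLE_HTTP = b"HEAD /check.txt HTTP/1.0\r\nHost: domain1.com\r\n\r\n"


def inspect_first_bytes(data: bytes) -> dict:
    """Describe what is readable at the start of a client connection."""
    # SSLv3/TLS record header: content type (1), version (2), length (2).
    # Content type 0x16 is "handshake"; SSLv2-format hellos are not handled.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        _, major, minor, length = struct.unpack("!BBBH", data[:5])
        return {"kind": "tls-handshake", "record_version": (major, minor),
                "record_length": length, "host": None}

    # Otherwise look for a plaintext HTTP request line and a Host header.
    line, _, rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        host = None
        for header in rest.split(b"\r\n"):
            if not header:  # blank line ends the header block
                break
            name, _, value = header.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip().decode("ascii", "replace")
        return {"kind": "http", "method": parts[0].decode(),
                "path": parts[1].decode("ascii", "replace"), "host": host}

    return {"kind": "unknown", "host": None}


def relay_layer(data: bytes) -> str:
    """Hypothetical helper: the layer a non-decrypting relay can work at."""
    return "layer7" if inspect_first_bytes(data)["kind"] == "http" else "layer4"


if __name__ == "__main__":
    for sample in (SAMPLE_TLS, SAMPLE_HTTP):
        print(inspect_first_bytes(sample), relay_layer(sample))
```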
