27

I would like to terminate SSL at HAProxy, do some manipulation on the header, rewrite the URL, re-encrypt the traffic and send it to backend servers as SSL?

I can't seem to find a way to do this. I can get regular SSL termination done, and send plain HTTP requests to backend. But I need to send SSL to backend.

I would like to have the following features:

  • Extract x-forwarded-for headers, to get the real client IP behind proxy.
  • Implement session stickiness using cookie.
  • Do some URL rewriting.
  • Send SSL traffic to backend using cookie based session stickiness.

Unless I terminate SSL at haproxy end, I cannot get URL rewriting done.

Any help from the good people here would be highly appreciated.

oazabir
  • 415

1 Answer

49

There's nothing special to do in haproxy.cfg. You simply configure whatever URL rewrites and header manipulations you want within your HAProxy frontend and then redirect traffic to your SSL backend. Here's a quick example:

frontend app1_ssl
    bind *:443 ssl crt /etc/haproxy/certs.d/example.com.crt crt /etc/haproxy/certs.d/ no-sslv3
    option http-server-close
    option forwardfor
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Port 443

    # set HTTP Strict Transport Security (HSTS) header
    http-response add-header Strict-Transport-Security max-age=15768000

    # some ACLs and URL rewrites...

    default_backend             backend_app1_ssl


backend backend_app1_ssl
    # "ssl" re-encrypts traffic to the backend server
    server mybackendserver 127.0.0.1:4433 ssl verify none

Tubeless
  • 1,730
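
Added example, not part of the answer above and not the answerer's configuration: the same terminate-and-re-encrypt layout with the backend certificate verified in place of `verify none`, plus the cookie stickiness and URL rewrite the question asks for. The server names, addresses, CA file path and the /old/ to /new/ rewrite rule are assumptions chosen for illustration.

```haproxy
# Added example; names, addresses, paths and the rewrite rule are placeholders.
frontend app1_ssl
    mode http
    bind *:443 ssl crt /etc/haproxy/certs.d/example.com.crt no-sslv3
    option forwardfor                  # append the client IP as X-Forwarded-For
    # set-header overwrites a client-supplied value; add-header would keep both
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port 443
    # URL rewrite on the decrypted request (hypothetical rule: /old/... -> /new/...)
    http-request set-path %[path,regsub(^/old/,/new/)]
    http-response set-header Strict-Transport-Security max-age=15768000
    default_backend backend_app1_ssl

backend backend_app1_ssl
    mode http
    # Cookie stickiness: HAProxy inserts SERVERID toward the client and,
    # with "indirect", removes it again before the request reaches the server.
    cookie SERVERID insert indirect nocache httponly secure

    # Weak (as in the answer): encrypted, but any certificate is accepted,
    # so the proxy cannot tell the real backend from an impostor on the path.
    #   server app1 10.0.0.11:4433 ssl verify none

    # Verified: the certificate must chain to ca-file and match verifyhost.
    server app1 10.0.0.11:4433 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem verifyhost app1.internal.example sni str(app1.internal.example) check cookie app1
    server app2 10.0.0.12:4433 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem verifyhost app2.internal.example sni str(app2.internal.example) check cookie app2
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading.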