I am using HAProxy as a reverse-proxy to route all my domain names into various servers in a private computer cluster. Most of the time, the traffic represents web apps or APIs and it makes sense to use HTTPS to serve them. So I've created a frontend in that fashion for this:
frontend layer7-http-listener
    bind *:443 ssl crt /etc/httpd/certs/haproxy.pem
    mode http
    [...]
I also have one server that's expecting to receive TLS-encrypted traffic and has its own certs. That means I have to revert to TCP to let data pass through without being decrypted in HAProxy. Also, HAProxy doesn't have to manage any certs in that situation. Something more like this:
frontend layer4-listener
    bind *:443 ssl
    mode tcp
    [...]
As a noob, what I understand is that HAProxy can't have 2 frontends with similar binds, namely *:443 here.
What's the best way to handle this, knowing that both situations come from different domain names? Ex: httpapp.mydomain.com for layer 7 and tcpserver.mydomain.com for layer 4.
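
One common layout for the situation described in the question, added here as an example and not part of the original post: a single TCP frontend owns *:443, reads the SNI from the unencrypted ClientHello, and either passes the stream through untouched or hands it to the HTTPS frontend over loopback. The frontend and backend names other than layer7-http-listener, the loopback port 8443, and the 192.0.2.10 address are assumptions, and the global/defaults sections (timeouts and so on) are taken to come from the existing configuration.

```haproxy
# Added example. Only this frontend binds the public port; it never decrypts.
frontend tls-sni-router
    bind *:443
    mode tcp
    # Buffer until the TLS ClientHello has arrived so the SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # SNI is client-supplied and unauthenticated: use it to route only,
    # never as an access-control decision.
    use_backend tcp-passthrough if { req.ssl_sni -i tcpserver.mydomain.com }
    default_backend to-layer7

# Layer 4: the TLS stream reaches the server untouched, which presents
# its own certificate. 192.0.2.10 is a placeholder address.
backend tcp-passthrough
    mode tcp
    server tcpserver 192.0.2.10:443

# Hand everything else to the HTTPS frontend over loopback.
# send-proxy-v2 carries the real client address across the hop.
backend to-layer7
    mode tcp
    server layer7 127.0.0.1:8443 send-proxy-v2

# Layer 7: TLS is terminated here with the certificate from the question.
# accept-proxy is safe only because this bind is on loopback; on a
# reachable address any client could forge its source IP.
frontend layer7-http-listener
    bind 127.0.0.1:8443 ssl crt /etc/httpd/certs/haproxy.pem accept-proxy
    mode http
    # [...] existing HTTP routing rules
```

Connections that send no SNI fall through to default_backend, so the layer 7 frontend should still decide what to serve for an unknown Host.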