0

I want to build a haproxy with re-encryption if traffic is already encrypted and I want to add header to ensure it is working.

But my

  • http-request add-header LoadBalancer Plain and
  • http-request add-header LoadBalancer Encrypted

doesn't seem to work.

How to add headers to the request?
How to tell, that this config use re-encryption and not TLS passthrough?

I added a fixed ip, but I would rather use a hostname of the other docker instance.

global
    daemon
    maxconn 256
    ssl-server-verify none

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

option forwardfor
option http-server-close

stats enable
stats uri /stats
stats realm Haproxy\ Statistics
stats auth user:password

listen http-in-plain
    http-request set-header X-SSL %[ssl_fc]
    http-request add-header LoadBalancer Plain 
    bind *:80
    server server1 172.17.0.2:80 maxconn 32

listen http-in-encrypted
    bind *:443 ssl force-tlsv10 crt /etc/ssl/certs/haproxy-selfsigned.4k.pem 

    http-request set-header X-SSL %[ssl_fc]
    http-request add-header LoadBalancer Encrypted 

    server server1 172.17.0.2:443 maxconn 32 ssl check verify none
hdev
  • 630
  • 7
  • 18
  • The configuration seems correct, can you add more information about how this is not working: - Are the headers mismatched or there is no headers at all ? - How are you checking the headers? – Mo3m3n Aug 08 '17 at 08:39
  • No LoadBalancer or X-SSL Header as present. – hdev Aug 08 '17 at 16:49

0 Answers0