The haproxy is conforming to the following setup: http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ Look for: Choose a server using SNI: aka SSL routing. No certificates available to haproxy, so no decoding and/or adding/removing headers. Dissecting of traffic is purely based on SSL Client Hello providing an SNI. (tcp mode forw
by noci - Nginx Mailing List - English
I tried both V1.10.1 and V1.11.6, same behaviour
by noci - Nginx Mailing List - English
fail2ban comes to mind (ipset + iptables + logscanner). http://www.fail2ban.org/
by noci - Nginx Mailing List - English
Log through syslog to another system? If the other system isn't listening there is no harm done... (Slightly more network traffic).
by noci - Nginx Mailing List - English
Hi, I have a strange problem. Setup: Internet ---> haproxy (SNI TLS Routing) --> nginx (Webserver) --> Websocket based server (WebRTC) haproxy has no certificates, it checks the TLS Hello message for :443 traffic and then forwards to the right server based on SNI. ==> haproxy cannot alter the stream sent through. Doing a request through this pipeline to start a websocket c
by noci - Nginx Mailing List - English