morristech
9/29/2018 - 7:50 PM

haproxy.cfg

haproxy.cfg

global
  log 127.0.0.1 local0
  maxconn 4000
  daemon
  uid 99
  gid 99

defaults
  log     global
  mode    tcp
  option  dontlognull
  timeout server 5s
  timeout connect 5s
  timeout client 5s

frontend ft_myapp
  bind :443
  mode tcp
  option tcplog

  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }

  acl application_1 req_ssl_sni -i domain1.org
  acl application_2 req_ssl_sni -i domain2.org

  use_backend bk_cert1 if application_1
  use_backend bk_cert2 if application_2

  default_backend bk_myapp

backend bk_myapp
 mode tcp
 server app1 127.0.0.1:1223 check


backend bk_cert1
  mode tcp
  server srv1 127.0.0.1:1234 check

backend bk_cert2
  mode tcp
  server srv2 127.0.0.1:1245 check