W dniu 2017-12-29 o 14:56, Lukas Tribus pisze: > Hello, > > > On Fri, Dec 29, 2017 at 2:45 PM, Mariusz Kalota <[email protected]> wrote: >> Hello, >> I would like to ask about new feature in haproxy 1.8: >> check-sni >> >> Please give me some example how I can use this. > It's as simple as: > check-sni <sni-string> > > So a backend would look like this for example: > > backend secure_wwwfarm > server server1 srv1.wwwfarm.local:443 ssl sni > str(www.paginebianche.it) check inter 600s check-sni > healthchecks.wwwfarm.local > server server2 srv2.wwwfarm.local:443 ssl sni > str(www.paginebianche.it) check inter 600s check-sni > healthchecks.wwwfarm.local > > > Lukas Hello, thanks for replay. Maybe I will give more info:
I have two serwers. Servers need client certificate to give answer. My configuration is like this: listen https-test-51111 bind *:51111 mode tcp balance roundrobin option httpchk GET /somefile.asmx server server1 192.168.0.1:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test1.site.local) check-sni test1.site.local server server2 192.168.0.2:51111 check check-ssl verify none crt /etc/haproxy/cert.pem ssl sni str(test2.site.local) check-sni test2.site.local if you write in webrowser https://test.site.local:51111 you go to haproxy which go to one of the two servers. Certificate on that servers are *.site.local. In stats of haproxy I get: lastChk L7STS/400 in 3ms L7STS/400 in 4ms What I do wrong?
