This is an old revision of the document!
gate# apt install haproxy gate# cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey gate# cat /etc/haproxy/haproxy.cfg
... frontend ft-gate mode http bind *:80 bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey # bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey # use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un } # use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un } default_backend bk-kube-ingress option tcplog backend bk-kube-ingress # http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto # http-request set-header X-Forwarded-Host %[req.hdr(Host)] # http-request set-header X-Forwarded-Port %[dst_port] ## http-request add-header X-Real-Ip %[src] # Custom header with src IP ## option forwardfor # X-forwarded-for ## http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc } mode http balance roundrobin server kube2 kube2:80 check server kube3 kube3:80 check #backend bk-node-ingress # mode http # balance roundrobin # server node2 node2:80 check # server node3 node3:80 check
# haproxy -f /etc/haproxy/haproxy.cfg -c Configuration file is valid # service haproxy restart # journalctl -f | grep proxy haproxy# curl http://localhost/ -H "Host: webd.corpX.un"