Sunday, 12 April 2015

Can HA Proxy be configured to forward an SSL port IN ADDITION to 443?

I want to route BOSH HTTPS traffic on port 5281 through HA Proxy. HA Proxy is already routing SSL on port 443. I.e., I want to encrypt both port 443 and 5281 with the same certificate. 443 is forwarded to my web cluster. 5281 is forwarded to my XMPP server.


I use Tutum docker cloud management, so I am using their dockerized version of HA Proxy. But I don't see a way to do what I want here: https://github.com/tutumcloud/tutum-docker-clusterproxy


By comparison, I can do this with Amazon Load Balancer, but I still have to forward that to HA Proxy to balance my containers, because ALB does not handle port-level balancing and HA Proxy is nicely integrated through linked containers. But in the process I lose my X-Forwarded-Proto header (it is not concatenated like X-Forwarded-For), so in this setup I can't tell if the originating traffic is SSL-encrypted (and redirect it accordingly). Such a setup is also a bit complex - one load balancer in front of another in different environments - yuck.


Any ideas how to get HA Proxy to do the whole thing?
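The layout described above, written as a plain HAProxy configuration. This is an added example, not part of the original post and not the configuration generated by the Tutum image. It assumes HAProxy 1.5 or later built with SSL support; the certificate path, backend names, server addresses and the plain-HTTP BOSH port 5280 are placeholders.

```haproxy
global
    maxconn 4096

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Existing HTTPS listener: TLS terminates here, traffic goes to the web cluster.
frontend web_https
    bind *:443 ssl crt /etc/haproxy/certs/site.pem   # assumed path: cert + key in one PEM
    # set-header replaces any client-supplied value, so backends can trust it
    http-request set-header X-Forwarded-Proto https
    default_backend web_cluster

# Second TLS listener on 5281, using the same certificate file.
frontend bosh_https
    bind *:5281 ssl crt /etc/haproxy/certs/site.pem
    http-request set-header X-Forwarded-Proto https
    default_backend xmpp_bosh

backend web_cluster
    balance roundrobin
    option forwardfor                  # adds X-Forwarded-For with the client address
    server web1 10.0.0.11:80 check     # placeholder addresses
    server web2 10.0.0.12:80 check

backend xmpp_bosh
    option forwardfor
    timeout server 120s                # BOSH long-polls; keep above the XMPP server's hold time
    server xmpp1 10.0.0.21:5280 check  # assumed plain-HTTP BOSH port behind the proxy
```

Because each frontend overwrites X-Forwarded-Proto itself, a backend behind this proxy sees a value set by HAProxy rather than one supplied by the client.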




