Hi everyone,
i'm using a nbproc > 1 configuration for ssl offloading :
listen web_tls
mode http
bind *:443 ssl crt whatever.pem process 2
bind *:443 ssl crt whatever.pem process 3
.../..
server web_plain unix@plain.sock send-proxy-v2-ssl
frontend web_plain
bind *:80 process 1
bind unix@plain.sock process 1 accept-proxy
.../..
And i'm looking for a secure solution in the web_plain frontend to know
if the request come from web_tls or not ( in fact i want to know if the
connection was initially made via SSL/TLS transport ).
I though that send-proxy-v2-ssl could help but i have no idea how ...
src and src_port are OK with the proxy protocol but ssl_fc in web_plain
keeps answering false ( 0 ) even the request come from web_tls.
I could set and forward a secret header set in web_tls but i don't like
the idea ... (have to change the header each time an admin sys leave the
enterprise... )
Thanks.
i'm using a nbproc > 1 configuration for ssl offloading :
listen web_tls
mode http
bind *:443 ssl crt whatever.pem process 2
bind *:443 ssl crt whatever.pem process 3
.../..
server web_plain unix@plain.sock send-proxy-v2-ssl
frontend web_plain
bind *:80 process 1
bind unix@plain.sock process 1 accept-proxy
.../..
And i'm looking for a secure solution in the web_plain frontend to know
if the request come from web_tls or not ( in fact i want to know if the
connection was initially made via SSL/TLS transport ).
I though that send-proxy-v2-ssl could help but i have no idea how ...
src and src_port are OK with the proxy protocol but ssl_fc in web_plain
keeps answering false ( 0 ) even the request come from web_tls.
I could set and forward a secret header set in web_tls but i don't like
the idea ... (have to change the header each time an admin sys leave the
enterprise... )
Thanks.