It seems that haproxy and newer versions of curl have trouble with the
SNI-based switching.
If anyone would care to test on their own machine, this is what I'm doing:
This is my server's config file:
https://gist.github.com/coolaj86/2faa07aa535e6dc04639
Update /etc/hosts to point to my test server:
66.172.33.29 foo.example.com
66.172.33.29 bar.example.com
66.172.33.29 baz.example.com
When I use Chrome, Firefox, or Safari on my MacBook I get the expected
results.
These follow the SNI rules (they go to the 'bar' or 'baz' pages):
https://bar.example.com:64443
https://baz.example.com:64443
These fall through to the default (they go to the 'default' page):
https://66.172.33.29:64443
https://foo.example.com:64443
But when I use curl bundled with Yosemite (or from Brew) on my MacBook,
it's not switching.
curl --insecure https://bar.example.com:64443
Default on 1443
These are the versions I'm testing with:
curl --version
curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1 SecureTransport zlib/1.2.5
/usr/local/opt/curl/bin/curl --version
curl 7.42.1 (x86_64-apple-darwin14.3.0) libcurl/7.42.1 SecureTransport zlib/1.2.5
Yet I have a node.js (io.js v2.3.1) service that switches based on SNI
which is working just fine with curl.
# exactly what I expect (served from node.js with SNICallback)
curl https://coolaj86.com
Also, when I use curl on either of my test servers I get the correct
results. Here are their versions:
curl --version
curl 7.27.0 (x86_64-pc-linux-gnu) libcurl/7.27.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 librtmp/2.3
curl --version
curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Any ideas on this one?