HAProxy Route acme-tls/1
HAProxy v2.2 has req.ssl_alpn. I quote its description from the documentation:
Returns a string containing the values of the Application-Layer Protocol Negotiation (ALPN) TLS extension (RFC7301), sent by the client within the SSL ClientHello message. Note that this only applies to raw contents found in the request buffer and not to the contents deciphered via an SSL data layer, so this will not work with "bind" lines having the "ssl" option. This is useful in ACL to make a routing decision based upon the ALPN preferences of a TLS client, like in the example below. See also "ssl_fc_alpn".
This feature is very useful when I want to route Let's Encrypt validation that uses the TLS-ALPN-01 challenge to a specific endpoint.
In short, this is how I route the acme-tls/1 protocol from Let's Encrypt:
frontend tcp_443
    bind *:443
    mode tcp
    option tcplog
    # wait up to 5s for the ClientHello to arrive in the request buffer
    tcp-request inspect-delay 5s
    tcp-request content capture req.ssl_sni len 25
    tcp-request content accept if { req_ssl_hello_type 1 }
    #
    # route to traefik if req.ssl_alpn is acme-tls/1
    #
    use_backend traefikv1_acme if { req.ssl_alpn acme-tls/1 }
In closing, I stress once more the note from the HAProxy documentation: Note that this only applies to raw contents found in the request buffer and not to the contents deciphered via an SSL data layer, so this will not work with "bind" lines having the "ssl" option.
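One way to lay out a complete configuration around that caveat, as an added example that is not part of the original post: the TCP frontend on port 443 only inspects the raw ClientHello, and ordinary HTTPS traffic is handed to a second, loopback-only frontend whose "bind" line carries the "ssl" option. The server addresses, the certificate path and the names local_tls, https_terminated and app are assumptions.

```haproxy
# Layer 1: plain TCP listener. No "ssl" on this bind line, so the
# ClientHello is still raw in the request buffer and req.ssl_alpn works.
frontend tcp_443
    bind *:443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content capture req.ssl_sni len 25
    tcp-request content accept if { req_ssl_hello_type 1 }
    # TLS-ALPN-01 validation connections offer only "acme-tls/1"
    use_backend traefikv1_acme if { req.ssl_alpn acme-tls/1 }
    # every other TLS client goes to the terminating frontend below
    default_backend local_tls

# The ACME client (Traefik here) completes the validation handshake itself.
backend traefikv1_acme
    mode tcp
    server traefik 192.0.2.10:443          # assumed address (placeholder)

# Hand the untouched TLS stream to layer 2, keeping the client address
# by sending a PROXY protocol header.
backend local_tls
    mode tcp
    server loopback 127.0.0.1:8443 send-proxy-v2

# Layer 2: TLS termination. req.ssl_alpn would not work here because of
# the "ssl" option; ssl_fc_alpn is the fetch for the negotiated protocol.
frontend https_terminated
    bind 127.0.0.1:8443 ssl crt /etc/haproxy/certs/ accept-proxy   # assumed path
    mode http
    option httplog
    default_backend app

backend app
    mode http
    server app1 192.0.2.20:8080            # assumed address (placeholder)
```

Binding the terminating frontend to 127.0.0.1 keeps accept-proxy from trusting PROXY headers sent by remote clients.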