co-hosting ocserv and https on the same port.
Quan Zhou
qzhou at live.de
Sun Jan 11 00:26:58 PST 2015
Hi,
I've tried to follow the HAProxy part of the ( http://www.infradead.org/ocserv/multihost.html ) guide, but it wasn't complete; the parts for the https server are missing. So I started "trial and error".
Finally I got a working HAProxy configuration. It works with certificate mode (ssl terminated at ocserv), but I've got a small problem: how am I supposed to let ocserv listen-encrypted on a unix socket? (contrary to the listen-cleartext). Thanks!

frontend port-443
    bind 0.0.0.0:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    default_backend tls-out

backend tls-out
    mode tcp
    acl 0_ocserv req.ssl_sni -i ocserv.domain.tld
    acl 1_nginx req.ssl_sni -i www.domain.tld
    use-server ocserv if 0_ocserv
    use-server nginx if 1_nginx
    server ocserv 127.0.0.1:8443
    server nginx 127.0.0.1:7443