co-hosting ocserv and https on the same port.

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Jan 11 02:07:22 PST 2015


On Sun, 2015-01-11 at 08:26 +0000, Quan Zhou wrote:
> Hi,
> 
> I've tried to follow the HAProxy part of the ( http://www.infradead.org/ocserv/multihost.html ) guide, but it wasn't complete; the parts for the https server are missing. So I started "trial and error".
> Finally I got a working HAProxy configuration. It works with certificate mode (ssl terminated at ocserv), but I've got a small problem: how am I supposed to let ocserv listen-encrypted on unix socket? (contrary to the listen-cleartext). Thanks!

As it is now you can only listen unencrypted to the unix socket. You can
forward to the tcp port though, which you already did.

However your example shows that you are using SSL termination on ocserv
(method 2), rather than method 1. Would you like to write some text on
how to support method 2 with haproxy to be added in multihost.html?

regards,
Nikos
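
An added illustration of the setup discussed in this thread (not taken from either poster's configuration or from multihost.html): HAProxy in TCP mode routing on the TLS SNI, so that ocserv terminates TLS itself on its TCP port as in method 2. The hostname, addresses and ports are assumptions.

```haproxy
# Added example. Assumed values: vpn.example.com, 127.0.0.1:4443 (ocserv tcp-port),
# 127.0.0.1:8443 (the https server's own TLS listener).
defaults
    mode tcp
    timeout connect 5s
    timeout client  1h
    timeout server  1h

frontend tls_in
    bind :443
    # Wait for the TLS ClientHello so the SNI can be read; nothing is decrypted here.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # The SNI is unauthenticated client input: use it only to pick a backend.
    # TLS stays end to end, so ocserv still sees the client certificate.
    use_backend ocserv_tls if { req.ssl_sni -i vpn.example.com }
    default_backend web_tls

backend ocserv_tls
    # Forward to ocserv's TCP port; the unix socket only accepts cleartext.
    server ocserv 127.0.0.1:4443

backend web_tls
    server web 127.0.0.1:8443
```

Because HAProxy only forwards the TCP stream, ocserv sees connections arriving from the proxy's address, and the UDP (DTLS) port is not handled by this fragment.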