Merge pull request #4403 from thermionic/master

HAProxy configuration snippet on using SNI

docs/Example configs/haproxy-with-sni-sample.cfg

@@ -0,0 +1,40 @@
+# Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
+# Update the config.json to work with HAProxy
+# 
+# Specify the hostname and port that has the public certificate
+# "tlsOffload": "https://mc.publicdomain.com:443",
+# 
+# Specify the IP address of the HAProxy instance (this might not be the address that is bound to the listener).
+# "TrustedProxy": "10.1.1.10",
+
+
+frontend sni-front
+        bind 10.1.1.10:443
+        mode tcp
+        tcp-request inspect-delay 5s
+        tcp-request content accept if { req_ssl_hello_type 1 }
+        default_backend sni-back
+
+backend sni-back
+        mode tcp
+        acl gitlab-sni req_ssl_sni -i gitlab.publicdomain.com
+        acl mc-sni req_ssl_sni -i mc.publicdomain.com
+        use-server gitlabSNI if gitlab-sni
+        use-server mc-SNI if mc-sni
+        server mc-SNI 10.1.1.10:1443 send-proxy-v2-ssl-cn
+
+frontend mc-front-HTTPS
+        mode http
+        option forwardfor
+        bind 10.1.1.10:1443 ssl crt /etc/haproxy/vm.publicdomain.net.pem accept-proxy
+        http-request set-header X-Forwarded-Proto https
+        option tcpka
+        default_backend mc-back-HTTP
+
+backend mc-back-HTTPS
+        mode http
+        option forwardfor
+        http-request add-header X-Forwarded-Host %[req.hdr(Host)]
+        option http-server-close
+        server mc-01 10.1.1.30:443 check port 443 verify none
+