Sugiro fazer todo o processamento SSL em HAProxy e usar o protocolo de proxy ( send-proxy
e accept-sslproxy
) para que as informações do cliente sejam passadas do processador ssl para o frontend + backend. Isso parece algo como:
listen ssl-proxy
bind 1.2.3.4:443 ssl crt /etc/ssl/mycert.pem npn http/1.1
mode tcp
bind-process 2 3 4
server http 127.0.0.1:80 send-proxy
frontend dev
#Do whatever you want here since it is http
mode http
bind 1.2.3.4:80 name dev
bind 127.0.0.1:80 accept-proxy name accept-sslproxy
bind-process 1
acl is_ssl dst_port 443
reqadd X-Forwarded-Proto:\ https if is_ssl
default_backend my_backend
backend my_backend
mode http
#Do whatever you want here since it is http