OPNsense Forum

English Forums => General Discussion => Topic started by: 0xDEADC0DE on October 22, 2018, 12:16:21 pm

Title: Question about haproxy
Post by: 0xDEADC0DE on October 22, 2018, 12:16:21 pm
Currently we have different services running behind our OPNsense box like
OTRS, Mattermost, SVN, website and so on.
Only one website is currently running on port 443; all other sites use different
ports. Now I want to change all websites to use the standard port 443.
I cannot do Let's Encrypt on OPNsense with HAProxy, as some sites use client
certificates and they have different requirements for TLS.
Is there a possibility to only inspect the SNI and forward the "raw" TCP to the correct server?
I know that I cannot use ESNI with TLS 1.3 then, but I don't care about that.
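
The setup asked about above, as an added example that is not part of the original post and not a config generated by the OPNsense plugin: HAProxy in TCP mode reads the SNI from the ClientHello and passes the TLS stream through without terminating it, so each backend keeps its own certificates, client-certificate checks and TLS settings. All hostnames, backend names and addresses are placeholders.

```haproxy
# Example only: hostnames and 192.0.2.x addresses are placeholders.
frontend tls_sni_in
    bind :443
    mode tcp                      # no TLS termination on the proxy
    option tcplog

    # Buffer the start of the connection until a TLS ClientHello is seen,
    # so req.ssl_sni can be evaluated before a backend is chosen.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the (cleartext) server name only; the payload stays encrypted.
    use_backend be_otrs       if { req.ssl_sni -i otrs.example.com }
    use_backend be_mattermost if { req.ssl_sni -i chat.example.com }
    use_backend be_svn        if { req.ssl_sni -i svn.example.com }
    use_backend be_website    if { req.ssl_sni -i www.example.com }
    # No default_backend: a connection with a missing or unknown SNI is
    # not handed to any server.

backend be_otrs
    mode tcp
    server otrs 192.0.2.11:443 check

backend be_mattermost
    mode tcp
    server mattermost 192.0.2.12:443 check

backend be_svn
    mode tcp
    server svn 192.0.2.13:443 check

backend be_website
    mode tcp
    server website 192.0.2.14:443 check
```

Because the proxy only relays TCP, the backends see the firewall's address as the source unless the PROXY protocol or transparent mode is configured on both sides.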