HAProxy TCP forward with SNI

For a long time I have been running most of my HTTP traffic via a HAproxy installation. This will grant me great flexibility with a stable frontend, and I’m then free to route different parts of to whatever backend I need to solve my task. Kubernetes I added a Kubernets cluster earlier this year, in it’s first iteration it exposed an Ingress with a self signed TLS certificate that the HAproxy just reverse proxied like any other site, like this:

Let's Encrypt

Since December last year I have thought about Let’s Encrypt and that is something I should use for my sites and other services that needs HTTPS. Yesterday I finally took the time to move this site to HTTPS, I guess http/2 is the next logical step but that’s another day! A few short words about Let’s Encrypt if you are not completely up to date. Let’s Encrypt is a initiative to offer completely free ordinary X.