I’ve tried this:
frontend web
bind *:443
mode tcp
acl whitelist src 173.169.95.246/32
tcp-request connection reject unless whitelist
but I’m getting this error message:
3/31/2017 1:02:32 AMtime="2017-03-31T05:02:32Z" level=info msg=" -- reloading haproxy config with the new config changes\n * Reloading haproxy haproxy\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for frontend 'web' as it requires HTTP mode.\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for frontend '80' as it requires HTTP mode.\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for frontend '443' as it requires HTTP mode.\n[WARNING] 089/050232 (717) : parsing [/etc/haproxy/haproxy.cfg:57] : HTTP log/header format not usable with backend '80_' (needs 'mode http').\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for backend '80_' as it requires HTTP mode.\n[WARNING] 089/050232 (717) : parsing [/etc/haproxy/haproxy.cfg:67] : HTTP log/header format not usable with backend '443_' (needs 'mode http').\n[WARNING] 089/050232 (717) : config : 'option forwardfor' ignored for backend '443_' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for frontend 'web' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for proxy 'default' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for frontend '80' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for frontend '443' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : parsing [/etc/haproxy/haproxy.cfg:57] : HTTP log/header format not usable with backend '80_' (needs 'mode http').\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for backend '80_' as it requires HTTP mode.\n[WARNING] 089/050232 (719) : parsing [/etc/haproxy/haproxy.cfg:67] : HTTP log/header format not usable with backend '443_' (needs 'mode http').\n[WARNING] 089/050232 (719) : config : 'option forwardfor' ignored for backend '443_' as it requires HTTP mode.\n ...done.\n"
I must use TCP rather than HTTP termination. Wondering if there are any people out there who have set this up properly.