HAProxy and SNI-based SSL offloading with intermediate CA

In a world of diminishing IPv4 space and slow IPv6 adoption, SNI-based SSL is getting more and more important. Using the TLS extension┬áSNI, only hardware limits the number of virtual SSL-hosts we can put on a single IP address. Most modern web browsers and web servers support SNI nowadays. Since September 2012, HAProxy supports native …

Prevent SSL redirect loop using WordPress and HAProxy

This is a first post in a series on how to use HAProxy in front of WordPress. I’m using HAProxy to offload SSL connections to a WordPress site. The site itself runs on an internal IP address on port 80 while HAProxy listens on incoming connections on *:80 and *:443. Connections to *:443 will be …