I am using HAProxy to serve different services through it, and it adds a TLS certificate for all my services in the internal network. Some of my networks I want to make accessible through a domain like internal.example.com; others should be accessible from outside as well, i.e. external.example.com.
How do I achieve this? Is the src ACL the right command for this? I tried the following config, but everything is still available both from inside the network and from outside.
```
frontend https
    mode tcp
    option tcplog
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    acl tls req.ssl_hello_type 1
    acl white_list src 127.0.0.1 <my_external_ip> # let's assume this would be a real public ip.
    tcp-request inspect-delay 5s
    tcp-request content accept if tls

    # External
    acl host_server_server1 ssl_fc_sni -i external.example.com
    use_backend http_server_server1 if host_server_server1

    # Internal
    acl host_server_server2 ssl_fc_sni -i internal.example.com
    use_backend http_server_server2 if host_server_server2 white_list

backend http_server_server1
    mode http
    option forwardfor
    server server1 server1:3000

backend http_server_server2
    mode http
    option forwardfor
    server server2 server2:3000
```
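
One way to express the restriction asked about above, as an added example that is not part of the original post and not a confirmed fix for it. It assumes the frontend runs in HTTP mode, that hosts are matched on the Host header instead of the SNI, and that 192.0.2.10 is a constructed placeholder for the allowed public IP.

```haproxy
# Added example. Assumptions: HTTP-mode frontend, Host-header matching,
# 192.0.2.10 is a constructed placeholder address.
frontend https
    mode http
    option httplog
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem

    # Source addresses allowed to reach the internal service.
    # src is the peer address HAProxy sees on the TCP connection.
    acl white_list src 127.0.0.1 192.0.2.10

    # Match on the requested host, case-insensitively.
    acl host_external hdr(host) -i external.example.com
    acl host_internal hdr(host) -i internal.example.com

    # Reject requests for the internal host from any other source (403).
    http-request deny if host_internal !white_list

    use_backend http_server_server1 if host_external
    use_backend http_server_server2 if host_internal
    # No default_backend: requests for any other host get a 503 from
    # HAProxy instead of falling through to one of the services.

backend http_server_server1
    mode http
    option forwardfor
    server server1 server1:3000

backend http_server_server2
    mode http
    option forwardfor
    server server2 server2:3000
```

The src match only helps if HAProxy sees the real client address. If connections arrive through NAT or another proxy, every client shows up with the same source address and the allow list cannot tell them apart; the HTTP log line for a request shows which address HAProxy actually evaluated.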