    listen mqtt-ssl
        bind *:8883 ssl no-sslv3 crt /my.pem verify required ca-file /my/pem/all_cas.pem crl-file /my/pem/all_crls.pem
        mode tcp
        option tcplog
        log global
        maxconn 50000
        tcp-request inspect-delay 30s
        use_backend pki unless { req.payload(0,0),mqtt_is_valid }
        default_backend emqx_k8s_svc

    backend pki
        mode http
        server pki.my.domain someIP:443 ssl verify none

    backend emqx_k8s_svc
        mode tcp
        log global
        server emqx1 emqx-ee.emqx:1883 check inter 30s downinter 30s fall 1 rise 1

Given the above haproxy.cfg snippet, I confirm the following issue:
When I do a curl/wget on the listening address, the request is normally forwarded to the backend pki, as it should. But, at the same time, when attempting a connection to the backend emqx_k8s_svc, the Mosquitto client stays blocked at "sending CONNECT" and no connection is established.
How can I have the condition that if the request payload is of type MQTT then forward it to the default_backend, and if the connection is NOT MQTT (say, an HTTP client) forward it to the backend pki?
I have also tried the following, without success:

    tcp-request inspect-delay 30s
    use_backend pki if !{ req.payload(0,0),mqtt_is_valid }
    use_backend emqx_k8s_svc if { req.payload(0,0),mqtt_is_valid }
    default_backend emqx_k8s_svc

------------------------------

    tcp-request inspect-delay 10s
    use_backend pki if { ssl_fc }
    use_backend emqx_k8s_svc if { req.payload(0,0),mqtt_is_valid }
    default_backend emqx_k8s_svc

NOTE: it is all running in a Kubernetes environment, except for the backend pki, which is elsewhere (but accessible). HAProxy version: 2.5
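
Added example, not part of the original question and not HAProxy's code: a Python sketch of the decision the `use_backend` rules above depend on, classifying the buffered first bytes of a decrypted stream as an MQTT CONNECT, an HTTP request, or not yet decidable. The function names and the sample packet are constructed for illustration; the checks follow the MQTT 3.1.1/5.0 CONNECT layout and only approximate what `mqtt_is_valid` verifies.

```python
# Added example: classify the first bytes of a client stream the way a
# content-switching rule has to, before a backend is chosen.
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
CONNECT_NAME = b"\x00\x04MQTT"   # 2-byte length prefix + protocol name

# Constructed sample: MQTT 3.1.1 CONNECT, clean session, keepalive 60, client id "c1".
SAMPLE_CONNECT = bytes.fromhex("100e00044d5154540402003c00026331")

def decode_remaining_length(buf, pos):
    """MQTT variable-length integer: 7 bits per byte, at most 4 bytes.
    Returns (value, next_pos), or None when more bytes are needed."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            return None
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("remaining length longer than 4 bytes")

def classify(buf):
    """Return 'mqtt', 'http', 'incomplete' or 'other' for the buffered bytes."""
    if not buf:
        return "incomplete"              # nothing received yet: keep waiting
    if any(buf.startswith(m) for m in HTTP_METHODS):
        return "http"
    if any(m.startswith(buf) for m in HTTP_METHODS):
        return "incomplete"              # partial HTTP method so far
    if buf[0] != 0x10:                   # CONNECT is packet type 1 with flags 0
        return "other"
    try:
        decoded = decode_remaining_length(buf, 1)
    except ValueError:
        return "other"
    if decoded is None:
        return "incomplete"
    _, pos = decoded
    header = buf[pos:pos + 7]            # protocol name (6 bytes) + level (1 byte)
    if header[:6] != CONNECT_NAME[:len(header[:6])]:
        return "other"
    if len(header) < 7:
        return "incomplete"              # protocol level byte not buffered yet
    return "mqtt" if header[6] in (4, 5) else "other"   # 4 = 3.1.1, 5 = 5.0
```

The "incomplete" result is the case the inspect delay exists for: a rule evaluated before the client's first packet is buffered cannot tell the two protocols apart.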