SoftEther VPN Behind HAProxy
Thought I would share because the other related source I know of is this. For those who don't know, SoftEther VPN is VPN software that disguises itself as HTTPS traffic to be able to hide its presence, so I wanted to be able to host both it and a normal webserver on port 443. Below is a rough copied version of my HAProxy config that I made to do this.

defaults
    timeout client 30s
    timeout server 30s
    timeout connect 5s

frontend ft_tcp
    mode tcp
    bind *:443
    #Delay required so it has time to actually get the required information for the SE backend
    tcp-request inspect-delay 5s
    #Don't know what this is for
    tcp-request content accept if { req_ssl_hello_type 1 }
    #Redirect traffic to the softether server if the subdomain is "xyz"
    use_backend bk_softether if { req_ssl_sni -i xyz.kn4vhm.com }
    #Otherwise use the normal https backend
    default_backend bk_tcp_to_https

backend bk_softether
    mode tcp
    server server-se ip.to.softether.server:443

backend bk_tcp_to_https
    mode tcp
    #Because I have to cascade the connection, I need send-proxy to preserve the client ip or else %[src] evaluates to 127.0.0.1
    server haproxy-https 127.0.0.1:8443 check send-proxy

frontend ft_https
    mode http
    #Accept-proxy to get proper client information
    bind *:8443 ssl crt /path/to/certificate.pem accept-proxy
    #Do any other backend routing for other subdomains here and not in the first frontend as it is tcp based instead of http (i.e. see "mode tcp" and "mode http")
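
What the two inspection fetches in ft_tcp look at, shown as an added example that is not part of the original post: a Python sketch that parses a TLS ClientHello, reads the handshake type (what `req_ssl_hello_type 1` tests) and the SNI (what `req_ssl_sni` tests), and picks a backend. The ClientHello is constructed sample input and the function names are hypothetical; this models the idea, not HAProxy's own code.

```python
import struct

SOFTETHER_SNI = "xyz.kn4vhm.com"  # hostname from the config above

def build_client_hello(sni):
    """Construct a minimal TLS ClientHello (sample input, not captured traffic)."""
    name, ext = sni.encode(), b""
    if name:
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni_data = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni_data)) + sni_data   # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00"  # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 0x16 = handshake

def parse_hello(data):
    """Return (hello_type, sni); hello_type is None if this is not a TLS handshake record."""
    if len(data) < 6 or data[0] != 0x16:
        return None, None
    hello_type = data[5]
    if hello_type != 1:
        return hello_type, None
    try:
        pos = 9 + 2 + 32                                    # record + handshake headers, version, random
        pos += 1 + data[pos]                                # session id
        pos += 2 + int.from_bytes(data[pos:pos + 2], "big")  # cipher suites
        pos += 1 + data[pos]                                # compression methods
        end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(data)):
            etype, elen = struct.unpack("!HH", data[pos:pos + 4])
            if etype == 0:                                  # server_name extension
                nlen = int.from_bytes(data[pos + 7:pos + 9], "big")
                return 1, data[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
            pos += 4 + elen
    except IndexError:                                      # truncated hello: no SNI available yet
        pass
    return 1, None

def choose_backend(data):
    """Mirror the use_backend / default_backend decision in ft_tcp."""
    hello_type, sni = parse_hello(data)
    # "-i" in the config makes the SNI match case-insensitive
    if hello_type == 1 and sni and sni.lower() == SOFTETHER_SNI:
        return "bk_softether"
    return "bk_tcp_to_https"
```

The SNI travels in cleartext in the ClientHello, which is why a `mode tcp` frontend can route on it without terminating TLS.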