On Sun, 2015-01-11 at 08:26 +0000, Quan Zhou wrote:
> Hi,
>
> I've tried to follow the HAProxy part of the (http://www.infradead.org/ocserv/multihost.html) guide, but it wasn't complete; the parts for the https server are missing. So I started "trial and error".
> Finally I got a working HAProxy configuration. It works with certificate mode (ssl terminated at ocserv), but I've got a small problem: how am I supposed to let ocserv listen-encrypted on unix socket? (contrary to the listen-cleartext). Thanks!

As it is now you can only listen unencrypted to the unix socket. You can forward to the tcp port though, which you already did. However your example shows that you are using SSL termination on ocserv (method 2), rather than method 1. Would you like to write some text on how to support method 2 with haproxy to be added in multihost.html?

regards,
Nikos