Reverse Proxy with HAProxy

HAProxy + systemd. What to do when troubleshooting network problems without access to client or server? The answer is to get in the middle. Set up a proxy and ask the client to connect to it, instead.

I used a Linux server with HAProxy to give us HTTP logs and tcpdump to give us network logs. In this configuration, the client connects to the proxy server (example.org) which performs HTTPS reverse-forwarding to the web server (example.com) while logging to systemd.

File: /etc/haproxy/haproxy.conf

global
    daemon
    log /dev/log local0 info

defaults
    mode http
    timeout connect 1m
    timeout client 1m
    timeout server 1m
    log global
    option httplog

frontend https-in
    bind *:443 ssl crt /etc/haproxy/certs/example.org.pem
    bind *:8443 ssl crt /etc/haproxy/certs/example.org.pem
    default_backend https-out

backend https-out
    server to-server example.com:8443 ssl verify none

Thank you HAProxy, tcpdump, wireshark. Future plan is to replace Linux + HAproxy with OpenBSD + Relayd.