I've got two "frontend" nodes that do load balancing with HAProxy and they send HTTP (port 80) requests onto the web servers (which are mirrored and get the website data from a shared storage server, as covered in the other threads I've posted). This works fine.

But I'm now confused as to how to handle HTTPS (port 443) requests. I'd, of course, want SNI enabled, so that different websites can have their own separate SSL certificates.

The problem is that if I do SSL termination at HAProxy, then it needs access to all the SSL certificates (and an understanding of SNI to use the correct certificates, according to which virtual host is being accessed). If that's even possible. I don't know.

Or I could do SSL passthrough instead, but then HAProxy can't actually read the request - as it's encrypted, of course, and you pass it on as "tcp" and not "http" - so how do I pass on the original IP to the web server? With HTTP, I add the "Forwarded-For" header and Apache is configured with "remoteip", so HAProxy passes on the original IP address. But, with SSL, HAProxy can't access the headers to be able to add the extra information.

Also, on a different note, I'd like to have it that requests for "admin.domain.tld" would be invisibly redirected to "domain.tld:8080", so that the link to the ISPConfig interface is more human-friendly for my users. Rewrite? Redirect? How best to handle that?
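The two options weighed in the post above, sketched side by side as HAProxy configuration. This is an added example, not part of the original post; the section names, the 203.0.113.x and 192.0.2.x addresses and the certificate directory are assumptions, and each option is bound to its own address only so that both fit in one file.

```haproxy
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Option A: TLS termination. HAProxy holds every site's certificate.
# "crt" pointed at a directory loads each PEM file in it (certificate
# chain plus private key) and selects one per connection from the SNI
# name the client sends. The private keys now live on the load
# balancers, so restrict that directory to the haproxy user.
frontend https_terminate
    mode http
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/   # assumed path
    option forwardfor            # request is decrypted, so the
                                 # X-Forwarded-For header can be added
    default_backend web_http

backend web_http
    mode http
    server web1 192.0.2.11:80 check
    server web2 192.0.2.12:80 check

# Option B: TLS passthrough. HAProxy relays the encrypted bytes in
# tcp mode and cannot add HTTP headers. The client address travels
# instead in a PROXY protocol header that "send-proxy" prepends to
# the TCP stream before the TLS handshake.
frontend https_passthrough
    mode tcp
    bind 203.0.113.11:443
    default_backend web_tls

backend web_tls
    mode tcp
    # Assumption: the web servers are configured to expect the PROXY
    # header on this port. A server that is not expecting it fails
    # the handshake, and one that accepts it from any source lets
    # clients forge their address, so accept it only from the two
    # load balancers.
    server web1 192.0.2.11:443 send-proxy check
    server web2 192.0.2.12:443 send-proxy check
```

With option B the certificates and SNI handling stay on the web servers, and the load balancers never see plaintext.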