SSL resumption behind AWS NLB


(asaf) #1

Hello,

I have several Caddy instances behind an NLB.
I was wondering how I could set up SSL resumption behind the NLB, as it round-robins the servers.

All the servers share the same setup and have the same SSL certificate.

The config is:

http://helloworld.example.com:80 {
    tls off
    log / stdout "{combined} {latency_ms} "
    errors visible
    header / -Server
    proxy / localhost:3032 {
        header_upstream Host {host}
        header_upstream X-Forwarded-For "{remote}, {X-Forwarded-For}"
        header_downstream -X-Powered-By
    }
}

helloworld.example.com:443 {
    errors visible
    log / stdout "{combined} {latency_ms}"
    header / -Server
    proxy / localhost:3033 {
        header_upstream Host {host}
        header_upstream X-Forwarded-For "{remote}, {X-Forwarded-For}"
        header_downstream -X-Powered-By
    }
}

*:80/index.html {
    status 200 /
}

I have seen https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/#sessionticketresumption
and it states that there is a way to sync all the servers so that they all accept connections.
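The property the linked article relies on is that a backend can only resume a session whose ticket it can decrypt, so round-robined backends must share the session ticket encryption key (STEK). The following is an added, self-contained Go example (not Caddy's code and not from the original post) built on crypto/tls, the library Caddy itself uses: it starts two loopback TLS servers and shows that a session opened on the first resumes on the second only when both hold the same STEK. The names NewSTEK, backend and ResumesAcross, the throwaway self-signed certificate and the server name "example" are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"time"
)

// NewSTEK returns a fresh random session ticket encryption key.
func NewSTEK() (k [32]byte) { rand.Read(k[:]); return }

// backend starts a loopback TLS server whose tickets are encrypted with stek and serves one
// connection; finishing the server-side handshake also sends the TLS 1.3 NewSessionTicket.
func backend(cert tls.Certificate, stek [32]byte) (addr string) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
	cfg.SetSessionTicketKeys([][32]byte{stek}) // explicit keys: no per-process auto-rotation
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", cfg)
	go func() { // serve exactly one connection, then stop listening
		if c, err := ln.Accept(); err == nil { c.(*tls.Conn).Handshake(); c.Close() }
		ln.Close()
	}()
	return ln.Addr().String()
}

// ResumesAcross starts backend A with stekA and backend B with stekB, opens a session on A and
// reports whether B resumes it. The certificate is a throwaway self-signed one constructed for
// the demo, which is the only reason the client skips chain verification here.
func ResumesAcross(stekA, stekB [32]byte) bool {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	addrA, addrB := backend(cert, stekA), backend(cert, stekB)
	ccfg := &tls.Config{ServerName: "example", InsecureSkipVerify: true, ClientSessionCache: tls.NewLRUClientSessionCache(4)}
	// connect handshakes, drains the connection so the client stores the received ticket in
	// its session cache (keyed by ServerName), and reports whether the handshake resumed.
	connect := func(addr string) bool {
		c, err := tls.Dial("tcp", addr, ccfg)
		if err != nil {
			return false
		}
		defer c.Close()
		io.Copy(io.Discard, c)
		return c.ConnectionState().DidResume
	}
	connect(addrA) // full handshake; the client now holds a ticket minted by A
	return connect(addrB)
}
```

The drain after the first handshake matters: in TLS 1.3 the NewSessionTicket is a post-handshake message, so a client that never reads from the connection never caches anything to resume with.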