HAProxy 1.8 SSL SNI routing decision

Jbn1233
Apr 29, 2020


You can not use hdr_dom(host) or hdr(host) ACLs on an SSL load balancer that runs in TCP mode (SSL passthrough): HAProxy never decrypts the connection there, so the HTTP Host header is inside the encrypted stream and invisible to it. Use req_ssl_sni instead. It reads the Server Name Indication that the client sends in cleartext in the TLS ClientHello, before any encryption starts (req_ssl_sni is the ACL name of the req.ssl_sni fetch). Two things to keep in mind: the ACL only sees anything if the frontend buffers the ClientHello first, which is what tcp-request inspect-delay together with tcp-request content accept if { req_ssl_hello_type 1 } does, and SNI is a client-chosen, unauthenticated value, so it is a routing hint and not access control; each backend still has to present its own certificate and do its own authorization.

Example:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon
    nbproc 8

defaults
    mode tcp
    timeout connect 5s
    timeout client 15m
    timeout server 15m
    maxconn 5000

frontend ft_ssl_vip
    bind 0.0.0.0:443
    mode tcp
    # Hold the connection long enough to buffer the start of the stream, and
    # only accept it if that start is a TLS ClientHello (hello type 1).
    # Without this, req_ssl_sni in the backend has nothing to read.
    tcp-request inspect-delay 3s
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend bk_ssl_default

# Using SNI to take the routing decision
backend bk_ssl_default
    mode tcp
    acl acl_v1  req_ssl_sni -i v1.home.net
    acl acl_v2  req_ssl_sni -i v2.home.net
    acl acl_v3  req_ssl_sni -i v3.home.net
    acl acl_dev req_ssl_sni -i dev.home.net
    # use-server must name a server defined in this backend
    use-server v1  if acl_v1
    use-server v2  if acl_v2
    use-server v3  if acl_v3
    use-server dev if acl_dev
    # Everything else, including a ClientHello that carries no SNI at all
    use-server default if !acl_v1 !acl_v2 !acl_v3 !acl_dev

    # Health-check by sending an SSL hello instead of a bare TCP connect
    option ssl-hello-chk
    # Server names must be unique within a backend
    server default 10.2.235.247:443 check
    server dev     10.2.235.247:443 check
    server v1      10.2.236.27:443 check
    server v2      10.2.236.27:443 check
    server v3      10.2.236.27:443 check
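To make it concrete what req_ssl_sni actually reads, here is an added Python example (my code, not part of the original post and not HAProxy code) that builds a minimal TLS ClientHello, pulls the server_name extension out of it exactly as a passthrough load balancer has to, and applies the same routing table as the backend above. The hostnames and server names come from the config on this page; the ClientHello bytes are constructed test input, not a real capture, and the function names are my own. It also shows the two edge cases the config has to handle: a ClientHello with no SNI at all lands on the default server, and a stream that is not a ClientHello (plain HTTP, for instance) is rejected, which is what the req_ssl_hello_type 1 gate does.

```python
import struct

# Routing table mirroring the page's use-server rules (page's hostnames and server names).
ROUTES = {
    "v1.home.net": "v1",
    "v2.home.net": "v2",
    "v3.home.net": "v3",
    "dev.home.net": "dev",
}
DEFAULT_SERVER = "default"


def build_client_hello(sni=None):
    """Build a minimal TLS 1.2 ClientHello record (constructed test input, not a real capture)."""
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")
        name = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
        name_list = struct.pack("!H", len(name)) + name
        exts = struct.pack("!HH", 0x0000, len(name_list)) + name_list  # extension 0 = server_name
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + b"\x00" * 32                               # random (zeros are fine for a parser test)
        + b"\x00"                                    # session_id length 0
        + b"\x00\x02\xc0\x2f"                        # cipher_suites: one suite
        + b"\x01\x00"                                # compression_methods: null only
        + struct.pack("!H", len(exts)) + exts        # extensions block
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1 = ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def parse_sni(record):
    """Return the host_name from the ClientHello's server_name extension, or None if absent.

    Raises ValueError when the data is not a TLS handshake record holding a ClientHello,
    the same condition HAProxy's `req_ssl_hello_type 1` gate rejects.
    """
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]

    pos = 2 + 32                                     # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                               # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                                # skip cipher_suites
    cm_len = body[pos]
    pos += 1 + cm_len                                # skip compression_methods
    if pos + 2 > len(body):
        return None                                  # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        edata = body[pos:pos + elen]
        pos += elen
        if etype == 0x0000:                          # server_name extension
            list_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                if ntype == 0:                       # host_name entry
                    return edata[q + 3:q + 3 + nlen].decode("ascii", "replace")
                q += 3 + nlen
    return None


def choose_server(record):
    """Pick the backend server the way the page's use-server rules do (-i: case-insensitive)."""
    sni = parse_sni(record)
    if sni is None:
        return DEFAULT_SERVER
    return ROUTES.get(sni.lower(), DEFAULT_SERVER)


if __name__ == "__main__":
    for name in ("v1.home.net", "DEV.home.net", "unknown.home.net", None):
        print(name, "->", choose_server(build_client_hello(name)))
```

The point of doing this by hand once is to see that the SNI is a cleartext, client-controlled field: anything a client puts there reaches the routing decision, so an unknown or missing name must fall through to a deliberate default rather than to whatever load-balancing picks. Against a live HAProxy you can exercise the same paths with openssl s_client -connect <lb>:443 -servername v1.home.net and compare the certificate each backend returns.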

Done

Written by Jbn1233

Very short and simple notes for CKA/SRE that may not work in your environment | jbn1233@gmail.com | Bangkok, Thailand |