Enable SSL in Haproxy Docker Container
I have a haproxy container running on port 80. This container is started with command
|
1 |
docker run -d -p 80:80 --name haproxy1 -v /home/ubuntu/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7 |
This haproxy used following configuration file /home/ubuntu/haproxy/haproxy.cfg
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
global defaults frontend sok-front-end bind *:80 mode http default_backend sok-front-end backend sok-front-end mode http balance roundrobin server srv3 172.17.0.2:8000 |
To make this haproxy work with SSL, first create a ssl.pem file with your SSL certificate contents in following order
|
1 2 3 |
1) Your Private Key 2) Your SSL CRT 4) CA-BUNDLE |
copy and paste all those certs into ssl.pem file inside /home/ubuntu/haproxy/ssl.pem
Now modify your /home/ubuntu/haproxy/haproxy.cfg file as follows
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
global defaults frontend sok-front-end bind *:80 bind :::443 ssl crt /usr/local/etc/haproxy/ssl.pem acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https mode http default_backend sok-front-end backend sok-front-end mode http balance roundrobin server srv3 172.17.0.2:8000 |
Now we need to stop current docker container as it only allow port 80 to be shared.
|
1 |
docker container stop haproxy1 |
Lets create a new haproxy container with port 443 forwaded.
|
1 |
docker run -d -p 80:80 -p 443:443 --name haproxy2 -v /home/ubuntu/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7 |
See Haproxy