Haproxy Site With SSL
To handle SSL/HTTPS traffic on haproxy, use following config in your /etc/haproxy/haproxy.cfg file.
frontend https-frontend-new bind :::443 ssl crt domain.pem acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https option forwardfor acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure http-response replace-header Set-Cookie (.*) \1;\ secure if https !secured_cookie default_backend https-backend-new backend https-backend-new balance static-rr option httpchk cookie SRV insert indirect nocache maxidle 30m maxlife 8h server web1 BACKEND_SERVER_IP:443 check ssl verify none
domain.pem
SSL certificate of your domain in PEM format. This is done by using combining your SSL cert, private key and ca bundle.
cat yourdomain.crt yourdomain.key yourdomain.ca-bundle > yourdomain.pem
If you have more sites with SSL, you can specify SSl certs like
bind :::443 ssl crt domain.pem crt domain-2.pem crt domain-3.pem
BACKEND_SERVER_IP
This is IP of your back end server.
Restart Haproxy with
systemctl restart haproxy