To handle SSL/HTTPS traffic on HAProxy, use the following config in your /etc/haproxy/haproxy.cfg file.

frontend https-frontend-new
    bind :::443 ssl crt domain.pem
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    option forwardfor
    acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
    http-response replace-header Set-Cookie (.*) \1;\ secure if https !secured_cookie
    default_backend https-backend-new

backend https-backend-new
    balance static-rr
    option httpchk
    cookie SRV insert indirect nocache maxidle 30m maxlife 8h
    server web1 BACKEND_SERVER_IP:443 check ssl verify none

domain.pem
This is the SSL certificate of your domain in PEM format. It is created by combining your SSL cert, private key and CA bundle into one file.
cat yourdomain.crt yourdomain.key yourdomain.ca-bundle > yourdomain.pem
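
The same combining step as a script, added here as an example (it is not from the original article): it keeps the article's file order, creates the output readable by its owner only because it contains the private key, and guards against an input file that lacks a final newline. The function names and the script name in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: build the combined PEM for HAProxy's "crt" option.
# File names follow the article; the function names are hypothetical.

# Print a file, adding a final newline if it lacks one, so an END marker
# and the next BEGIN marker never end up fused on one line.
append_pem() {
    cat "$1" || return 1
    [ -z "$(tail -c 1 "$1")" ] || printf '\n'
}

# build_haproxy_pem CERT KEY CA_BUNDLE OUT
build_haproxy_pem() {
    local cert="$1" key="$2" chain="$3" out="$4" f tmp
    for f in "$cert" "$key" "$chain"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    # The result holds the private key: create it owner-readable only.
    tmp=$(umask 077 && mktemp "${out}.XXXXXX") || return 1
    { append_pem "$cert" && append_pem "$key" && append_pem "$chain"; } > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    # Expect exactly one private key, at least one certificate, no fused markers.
    if [ "$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$tmp")" -ne 1 ] ||
       ! grep -q -e '-----BEGIN CERTIFICATE-----' "$tmp" ||
       grep -q -e '-----END [A-Z ]*----------BEGIN' "$tmp"; then
        echo "combined PEM is malformed" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$out"
}

# Optional check that the key belongs to the certificate (needs openssl).
key_matches_cert() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Script usage: ./build-pem.sh yourdomain.crt yourdomain.key yourdomain.ca-bundle yourdomain.pem
if [ "$#" -eq 4 ]; then
    build_haproxy_pem "$@" && key_matches_cert "$1" "$2"
fi
```

Running haproxy -c -f /etc/haproxy/haproxy.cfg before the restart validates the configuration file without touching the running service.
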
If you have more sites with SSL, you can specify additional SSL certs like this:
bind :::443 ssl crt domain.pem crt domain-2.pem crt domain-3.pem
BACKEND_SERVER_IP
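This is the IP of your back-end server. Because of verify none, HAProxy encrypts the connection to the back end but does not validate the back-end server's certificate.
Restart HAProxy with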
systemctl restart haproxy