Haproxy Site With SSL

To handle SSL/HTTPS traffic on haproxy, use following config in your /etc/haproxy/haproxy.cfg file.

frontend https-frontend-new
	bind :::443 ssl crt domain.pem

	acl https ssl_fc
	http-request set-header X-Forwarded-Proto http  if !https
	http-request set-header X-Forwarded-Proto https if https

	option forwardfor

	acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
	http-response replace-header Set-Cookie (.*) \1;\ secure if https !secured_cookie
	
	default_backend https-backend-new

backend https-backend-new
	balance static-rr
	option httpchk
	cookie SRV insert indirect nocache maxidle 30m maxlife 8h
	server web1 BACKEND_SERVER_IP:443 check ssl verify none

domain.pem

SSL certificate of your domain in PEM format. This is done by using combining your SSL cert, private key and ca bundle.

cat yourdomain.crt yourdomain.key yourdomain.ca-bundle > yourdomain.pem

If you have more sites with SSL, you can specify SSl certs like

bind :::443 ssl crt domain.pem crt domain-2.pem crt domain-3.pem

BACKEND_SERVER_IP

This is IP of your back end server.

Restart Haproxy with

systemctl restart haproxy
Need help with Linux Server or WordPress? We can help!

Leave a Reply

Your email address will not be published. Required fields are marked *