Haproxy Site With SSL
To handle SSL/HTTPS traffic with HAProxy, use the following configuration in your /etc/haproxy/haproxy.cfg file.

    frontend https-frontend-new
        bind :::443 ssl crt domain.pem
        # "https" is true when the client connection arrived over SSL/TLS
        acl https ssl_fc
        http-request set-header X-Forwarded-Proto http if !https
        http-request set-header X-Forwarded-Proto https if https
        option forwardfor
        # Append the Secure attribute to any Set-Cookie header that lacks it
        acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
        http-response replace-header Set-Cookie (.*) \1;\ secure if https !secured_cookie
        default_backend https-backend-new

    backend https-backend-new
        balance static-rr
        option httpchk
        cookie SRV insert indirect nocache maxidle 30m maxlife 8h
        # "verify none" encrypts traffic to the backend but does not validate its
        # certificate; use "verify required ca-file <CA file>" to authenticate it
        server web1 BACKEND_SERVER_IP:443 check ssl verify none

domain.pem
The SSL certificate of your domain in PEM format. Create it by combining your SSL certificate, private key and CA bundle into one file.

    cat yourdomain.crt yourdomain.key yourdomain.ca-bundle > yourdomain.pem

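A check to run on the combined file before restarting, as an added example that is not part of the original page: because yourdomain.pem now contains the private key, it confirms the bundle holds a certificate and exactly one key, is not accessible to group or other, and (using openssl) that the key belongs to the certificate. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# pem_bundle_lint FILE
# Structural checks on a combined PEM; prints one finding per line and
# returns 0 only when there are none.
pem_bundle_lint() {
    pbl_file=$1
    pbl_rc=0
    if [ ! -r "$pbl_file" ]; then
        echo "cannot read $pbl_file"
        return 1
    fi
    # grep -c exits 1 on a zero count, so neutralise the status.
    pbl_certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pbl_file" || true)
    pbl_keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pbl_file" || true)
    if [ "$pbl_certs" -lt 1 ]; then
        echo "no certificate block found"
        pbl_rc=1
    fi
    if [ "$pbl_keys" -ne 1 ]; then
        echo "expected exactly one private key block, found $pbl_keys"
        pbl_rc=1
    fi
    # The bundle holds the private key: group/other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    pbl_mode=$(ls -lLd "$pbl_file" | cut -c5-10)
    if [ "$pbl_mode" != "------" ]; then
        echo "private key accessible to group/other; chmod 600 $pbl_file"
        pbl_rc=1
    fi
    return "$pbl_rc"
}

# pem_key_matches FILE
# Returns 0 if the first certificate's public key equals the public key
# derived from the private key, 1 on mismatch, 2 if openssl cannot parse.
pem_key_matches() {
    pkm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    pkm_key=$(openssl pkey -in "$1" -pubout 2>/dev/null </dev/null) || return 2
    [ "$pkm_cert" = "$pkm_key" ]
}
```

Run `pem_bundle_lint yourdomain.pem && pem_key_matches yourdomain.pem` after building the bundle, then validate the configuration with `haproxy -c -f /etc/haproxy/haproxy.cfg` before restarting.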
If you have more sites with SSL, you can specify multiple SSL certificates on the same bind line:

    bind :::443 ssl crt domain.pem crt domain-2.pem crt domain-3.pem

BACKEND_SERVER_IP
This is the IP address of your backend server.
Restart HAProxy with

    systemctl restart haproxy