Help with HAProxy and SSL

agoldenberg Member, Host Rep

OK, so I have 2 web servers, both running on SSL and non-SSL:

srv1.domain.com
srv2.domain.com

I also have HAProxy running on proxy.domain.com.

How do I get it so that when traffic hits http://proxy.domain.com it goes to port 80 and https://proxy.domain.com goes to port 443 on the nodes?

I've tried all the tutorials I can find but not one of them works.

Comments

  • Shivam Member

    Hey,

    Have you made sure that HAProxy is listening on both ports 80 and 443 (HTTP and HTTPS respectively) and that each uses the backend "application-backend" as the default?

  • Shivam Member
    edited June 2014

    Config file should be like this:

    global
            log 127.0.0.1   local0
            log 127.0.0.1   local1 notice
            maxconn 4096
            user haproxy
            group haproxy
            daemon

    defaults
            log global
            mode    http
            option  httplog
            option  dontlognull
            option forwardfor
            option http-server-close
            stats enable
            stats auth someuser:somepassword
            stats uri /haproxyStats

    frontend http-in
            bind *:80
            reqadd X-Forwarded-Proto:\ http
            default_backend application-backend

    frontend https-in
            bind *:443 ssl crt /etc/ssl/*your ssl key*
            reqadd X-Forwarded-Proto:\ https
            default_backend application-backend

    backend application-backend
            redirect scheme https if !{ ssl_fc }
            balance leastconn
            option httpclose
            option forwardfor
            cookie JSESSIONID prefix

            #enter the IP of your application here
            server node1 10.0.0.1 cookie A check

    Of course you need to fill in the blanks / edit it where I've said.

  • agoldenberg Member, Host Rep

    @Shivam I believe so. My config is below.

    global
            log 127.0.0.1   local0
            log 127.0.0.1   local1 notice
            #log loghost    local0 info
            maxconn 4096
            #chroot /usr/share/haproxy
            user haproxy
            group haproxy
            daemon
            #debug
            #quiet
    
    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            option  http-server-close
            retries 3
            option redispatch
            fullconn 1000
            maxconn 1000
            timeout queue 600s
            timeout connect 5s
            timeout client 600s
            timeout server 600s
    
    
    
    
    frontend http-in
            bind proxy.domain.com:80
            bind proxy.domain.com:443 ssl crt /etc/ssl/ssl.crt
            reqadd X-Forwarded-Proto:\ https if { ssl_fc }
            default_backend normal
            option forwardfor
    
    
    backend normal
      server srv1 srv1.domain.com  minconn 100 maxqueue 10000 check-ssl
      server srv2 srv2.domain.com  minconn 100 maxqueue 10000 check-ssl
    
  • agoldenberg Member, Host Rep

    Right now http://proxy.domain.com is working fine, but with https I get a bad gateway error.

  • agoldenberg Member, Host Rep

    @Shivam got it working!

    global
            log 127.0.0.1   local0
            log 127.0.0.1   local1 notice
            #log loghost    local0 info
            maxconn 4096
            #chroot /usr/share/haproxy
            user haproxy
            group haproxy
            daemon
            #debug
            #quiet
    
    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            option  http-server-close
            retries 3
            option redispatch
            fullconn 1000
            maxconn 1000
            timeout queue 600s
            timeout connect 5s
            timeout client 600s
            timeout server 600s
    
    
    
    frontend http-in
            bind proxy.domain.com:80
            default_backend normal
            option forwardfor
    
    
    frontend http-in-ssl
            bind proxy.domain.com:443 ssl crt /var/ssl/super.crt
            reqadd X-Forwarded-Proto:\ https if { ssl_fc }
            default_backend ssl
            option forwardfor
    
    
    
    backend normal
      server srv1 srv1.domain.com  minconn 100 maxqueue 10000
      server srv2 srv2.domain.com  minconn 100 maxqueue 10000
    
  • Shivam Member

    If I helped in some way, glad you got to it in the end :) Let me know if you need additional help :)
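
An added example, not a config posted by either participant: one way to lay out the two frontends so that port 80 traffic reaches port 80 on the nodes and TLS traffic terminated on port 443 is re-encrypted to port 443 on the nodes. A `server` line without a port reuses the port the client connected to, and `check-ssl` only applies to health checks, so the sketch sets explicit ports and the `ssl` keyword. It assumes HAProxy 1.5 or later built with OpenSSL and the `global` and `defaults` sections from the thread; the backend names and the paths `/etc/ssl/proxy.pem` and `/etc/ssl/backend-ca.pem` are placeholders.

```haproxy
# Added example. Backend names and file paths are assumed placeholders.

frontend http-in
        bind proxy.domain.com:80
        option forwardfor
        # set-header replaces any X-Forwarded-Proto value supplied by the client
        http-request set-header X-Forwarded-Proto http
        default_backend nodes-http

frontend https-in
        # proxy.pem holds the certificate chain and private key in one PEM file
        bind proxy.domain.com:443 ssl crt /etc/ssl/proxy.pem
        option forwardfor
        http-request set-header X-Forwarded-Proto https
        default_backend nodes-https

backend nodes-http
        # Explicit port: without one, HAProxy connects to the port the client used
        server srv1 srv1.domain.com:80 check
        server srv2 srv2.domain.com:80 check

backend nodes-https
        # "ssl" encrypts proxied traffic to the node; "check-ssl" alone covers only health checks.
        # "verify required" with "ca-file" validates the node's certificate chain,
        # and "verifyhost" checks the name in that certificate.
        server srv1 srv1.domain.com:443 ssl verify required ca-file /etc/ssl/backend-ca.pem verifyhost srv1.domain.com check
        server srv2 srv2.domain.com:443 ssl verify required ca-file /etc/ssl/backend-ca.pem verifyhost srv2.domain.com check
```

Running `haproxy -c -f` against the full file checks the syntax before a reload.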
