Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Help with HAProxy and SSL
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Help with HAProxy and SSL

agoldenbergagoldenberg Member, Host Rep
in Help

ok so I have 2 web servers both running on SSL and Non-SSL

srv1.domain.com
srv2.domain.com

I also have HAProxy running on proxy.domain.com

how do I get it so that when traffic hits http://proxy.domain.com it goes to port 80 and https://proxy.domain.com goes to port 443 on the nodes?

I've tried all the tutorials I can find but not one of them works.

Comments

  • ShivamShivam Member

    Hey,

    Have you made sure that HAProxy is listening on both ports 80 and 443 (HTTP and HTTPS respectively) and each uses the backend "application-backend" as the default.

  • ShivamShivam Member
    edited June 2014

    Config file should be like this,

    global

    log 127.0.0.1   local0
log 127.0.0.1   local1 notice
maxconn 4096
user haproxy
group haproxy
daemon

    defaults

    log global
mode    http
option  httplog
option  dontlognull
option forwardfor
option http-server-close
stats enable
 stats auth someuser:somepassword
 stats uri /haproxyStats

    frontend http-in

    bind *:80
reqadd X-Forwarded-Proto:\ http
default_backend application-backend

    frontend https-in

    bind *:443 ssl crt /etc/ssl/*your ssl key*
reqadd X-Forwarded-Proto:\ https
default_backend application-backend

    backend application-backend

    redirect scheme https if !{ ssl_fc }
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix

#enter the IP of your application here
server node1 10.0.0.1 cookie A check

    Of course you need to fill in the blanks / edit it where i've said

  • agoldenbergagoldenberg Member, Host Rep

    @Shivam I believe so. My config is below.

    global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option  http-server-close
        retries 3
        option redispatch
        fullconn 1000
        maxconn 1000
        timeout queue 600s
        timeout connect 5s
        timeout client 600s
        timeout server 600s




frontend http-in
        bind proxy.domain.com:80
        bind proxy.domain.com:443 ssl crt /etc/ssl/ssl.crt
        reqadd X-Forwarded-Proto:\ https if { ssl_fc }
        default_backend normal
        option forwardfor


backend normal
  server srv1 srv1.domain.com  minconn 100 maxqueue 10000 check-ssl
  server srv2 srv2.domain.com  minconn 100 maxqueue 10000 check-ssl
  • agoldenbergagoldenberg Member, Host Rep

    Right now http://proxy.domain.com is working fine, but https I get a bad gateway error.

  • agoldenbergagoldenberg Member, Host Rep

    @Shivam got it working!

    global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option  http-server-close
        retries 3
        option redispatch
        fullconn 1000
        maxconn 1000
        timeout queue 600s
        timeout connect 5s
        timeout client 600s
        timeout server 600s



frontend http-in
        bind proxy.domain.com:80
        default_backend normal
        option forwardfor


frontend http-in-ssl
        bind proxy.domain.com:443 ssl crt /var/ssl/super.crt
        reqadd X-Forwarded-Proto:\ https if { ssl_fc }
        default_backend ssl
        option forwardfor



backend normal
  server srv1 srv1.domain.com  minconn 100 maxqueue 10000
  server srv2 srv2.domain.com  minconn 100 maxqueue 10000
  • ShivamShivam Member

    If i helped in someway, glad you got to it at the end :) Let me know if you need additional help :)

Sign In or Register to comment.