input license here
Home  ›  Cloud Server

Install SSL on HAProxy - Technical Support Center






Luong The Nam


06/07/2022

HAProxy is a suitable service for very high-traffic websites and is therefore often used to improve web service reliability and performance for multi-server configurations.

To install SSL on HAProxy, please refer to the instructions below: (note: the file locations may vary according to the settings on your server)

1. Prepare SSL certificate file

  • You will get the file private key When SSL activation is sent to your email, usually the file format will be: www_domain_.key
  • When you download the SSL certificate file that has completed the authentication, you will receive the following files, you will use 2 files as shown in the image below:

Next, you put in 3 files www_domain.key, www_domain.pem, Chain_RootCA_Bundle.crt Go to the server and type the following command to create the file pem used to install HAProxy.

cat www_tên_miền.pem Chain_RootCA_Bundle.crt www_tên_miền.key > certificate.pem

2. Check if HAProxy has SSL support

Please run the following command to check the version HAProxy:

haproxy -vv

If the returned result has the following information, it means HAProxy SSL supported:

HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes

Otherwise, if you see the following output, then you need to rebuild HAProxy with SSL support.

HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : not set

3. Configure SSL for HAProxy

Open HAProxy configuration file /etc/haproxy/haproxy.cfg and re-edit: (Note the path may be different from your server)

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

frontend https_front
   bind *:443 ssl crt /etc/ssl/certificate.pem #Đường dẫn tới tập tin pem đã tạo ở bước 1.
   reqadd X-Forwarded-Proto: https

backend http_back
   balance roundrobin
   server Server1 <private IP>:80 check
   server Server2 <private IP>:80 check

After the configuration is complete, run the following command to check the configuration file:

haproxy -check -f /etc/haproxy/haproxy.cfg

After successful configuration test, please restart HAProxy for the configuration to take effect.

service haproxy restart

Note: This is just a reference for installing SSL on HAProxy, the settings may be different from yours, please check and replace to avoid errors.

Good luck!



Why Should You Choose .ONLINE Domain Extensions

Related Posts
On in
Diệp Quân
Nguyen Manh Cuong is the author and founder of the vmwareplayerfree blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.
SHARE

Related Posts

Subscribe to get free updates

Post a Comment

Post a Comment

Sticky

Copyright © 2020
Theme By NQnia DMCA.com Protection Status