HAProxy : SSL/TLS Setting2023/11/22 |
Configure HAProxy with SSL/TLS connection.
The connection between HAproxy and Clients are encrypted with SSL. -----------+---------------------------+--------------------------+------------ | | | |10.0.0.30 |10.0.0.51 |10.0.0.52 +----------+-----------+ +-----------+----------+ +-----------+----------+ | [ dlp.srv.world ] | | [ node01.srv.world ] | | [ node02.srv.world ] | | HAProxy | | Web Server#1 | | Web Server#2 | +----------------------+ +----------------------+ +----------------------+ |
[1] | |
[2] | In addition to previous basic HTTP Load Balancing setting, add settings for SSL/TLS. |
# concatenate cert and key [root@dlp ~]# cat /etc/letsencrypt/live/dlp.srv.world/{fullchain.pem,privkey.pem} > /etc/haproxy/haproxy.pem
[root@dlp ~]#
vi /etc/haproxy/haproxy.cfg # add into frontend section # * comment out the 80 port line if you do not need unencrypted connection
frontend http-in
bind *:80
bind *:443 ssl crt /etc/haproxy/haproxy.pem
[root@dlp ~]# systemctl reload haproxy |
[3] | If Firewalld is running, allow ports HAProxy listens. |
[root@dlp ~]# firewall-cmd --add-service=https success [root@dlp ~]# firewall-cmd --runtime-to-permanent success |
[4] | Verify working normally to access to frontend HAproxy Server. |
Sponsored Link |