HAProxy : SSL/TLS Setting2019/11/08 |
|
Configure HAProxy with SSL/TLS connection.
The connection between HAproxy and Clients are encrypted with SSL.
-----------+---------------------------+--------------------------+------------
| | |
|10.0.0.30 |10.0.0.51 |10.0.0.52
+----------+-----------+ +-----------+----------+ +-----------+----------+
| [ dlp.srv.world ] | | [ node01.srv.world ] | | [ node02.srv.world ] |
| HAProxy | | Web Server#1 | | Web Server#2 |
+----------------------+ +----------------------+ +----------------------+
|
| [1] | |
| [2] | In addition to previous basic HTTP Load Balancing setting, add settings for SSL/TLS. |
|
# concatinate cert and key [root@dlp ~]# cd /etc/letsencrypt/live/dlp.srv.world [root@dlp dlp.srv.world]# cat fullchain.pem privkey.pem > haproxy.pem [root@dlp ~]#
[root@dlp ~]#
vi /etc/haproxy/haproxy.cfg # add into frontend section (if not need to listening 80 port)
frontend http-in
bind *:80
bind *:443 ssl crt /etc/letsencrypt/live/dlp.srv.world/haproxy.pem
[root@dlp ~]# systemctl restart haproxy |
| [3] | If Firewalld is running, allow ports HAProxy listens. |
|
[root@dlp ~]# firewall-cmd --add-service=https --permanent success [root@dlp ~]# firewall-cmd --reload success |
| [4] | Verify working normally to access to frontend HAproxy Server. |
|
|
Matched Content