I just installed haproxy and it was working fine for two days now. Now, I'll
be implementing SSL on my backend server so here I go again.
I have configured haproxy and it has cookie enabled to retain sessions since
there is authentication involved in the web services. However, it seems it
was not possible using SSL because the mode must be tcp instead of http.
Therefore, there is no way I can use SSL using mode http. Right now, I need
to have the headers X-Forwarded-For and cookie session using SSL.
Is there a configuration on haproxy that can do the above?
Here is my haproxy.cfg
listen IGX_SERVERS 111.222.333.444:80
mode http
balance roundrobin
option forwardfor
option httpclose
cookie igx insert nocache indirect
server IGX1 10.0.0.0.3:80 cookie igx1 maxconn 2500 inter 1000
fastinter 200 fall 2 check
server IGX2 10.0.0.0.2:80 cookie igx2 maxconn 2500 inter 1000
fastinter 200 fall 2 check
stats uri /my_stats
stats realm Global\ statistics
stats auth admin:1nf0dyn3
listen IGX_SERVERS_SSL 111.222.333.444:443
mode tcp
balance source
option ssl-hello-chk
option forwardfor
server IGX1 10.0.0.0.3:443 maxconn 2500 inter 1000 fastinter 200
fall 2 check
server IGX2 10.0.0.0.2:443 maxconn 2500 inter 1000 fastinter 200
fall 2 check
global
maxconn 10000 # Total Max Connections.
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
daemon
nbproc 1 # Number of processes
user haproxy
group haproxy
chroot /var/chroot/haproxy
defaults
log global
option httplog
mode tcp
clitimeout 60000 # 16.6 Hrs.
srvtimeout 30000 # 8.33 Hrs.
contimeout 4000 # 1.11 Hrs.
retries 3
redispatch
option httpclose
Do you have any suggestion that I can do the above things with SSL support?
--
Nelson
http://nelsonts.blogspot.com
