On Thu, Feb 07, 2013 at 11:54:56AM -0500, S Ahmed wrote:
> Is it hard to install SSL with haproxy?
>
> I want all incoming connections to use SSL, but when haproxy
> communicates with the backends I don't want them to be ssl based.
>
> ANy tutorials on setting this up?
With 1.5-dev17 (or whatever's the latest) that's fairly easy.
Here's a config snippet. The ":::443" thing is to make it bind to
ipv6, which *:443 doesn't. The cert file has to be all the relevant
certs concatenated; see the docs for more info.
# Listen for ssl requests
# 443, but get passed on to http-based ports for Apache
listen https
balance roundrobin
mode http
option http-server-close
option forwardfor
option httpchk HEAD /cytobank/images/logo_bigger.gif
bind :::443 ssl crt /opt/haproxy/etc/wildcard.cert
default_backend https_apache_localhost
backend https_apache_localhost
server server_0 localhost:83 check inter 3000 rise 1 fall 1
error-limit 1 on-error mark-down
-Robin
