On Fri, 09/13/2013 12:56 PM, Harry Lopez <[email protected]> wrote: > I need to be able to allow https traffic from the outside world to a server > and vice-versa. The issue is that I honestly don't know where to begin. So > the first question would be how do I enable this functionality? Doing some > research, I did discover that not all versions of haproxy support this > feature. I am running version 1.4.15, but if it is the case that my version > is not supported, my follow up question is how do I update haproxy? >
Hi Harry. The only version of haproxys which allow direct termination of SSL traffic are in the 1.5 branch which is still in development. Here is at least one how-to on the matter: http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/ I personally terminate the traffic using stunnel. I've heard rumors that stud was more performant, but I didn't see any examples of terminating multiple sites on a single stud instance like you can with stunnel. As far as upgrading goes, it depends on your distribution. What I did is do a side-by-side installation of haproxy in a different directory so this way, I could test both versions
