Hi Yosef, Please keep the ML in Cc. You first need to compile HAProxy to support SSL. Use the USE_OPENSSL compilation directive.
Baptiste On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir <amir.yo...@comverse.com> wrote: > Hi, > I get the following error : > # haproxy -f /etc/haproxy/haproxy.cfg > [ALERT] 362/160119 (16836) : parsing [/etc/haproxy/haproxy.cfg:49] : 'bind > :8050' unknown keyword 'ssl'. Registered keywords : > [ TCP] defer-accept > [ TCP] interface <arg> > [ TCP] mss <arg> > [ TCP] v4v6 > [ TCP] v6only > [ TCP] transparent (not supported) > [STAT] level <arg> > [UNIX] gid <arg> > [UNIX] group <arg> > [UNIX] mode <arg> > [UNIX] uid <arg> > [UNIX] user <arg> > [ ALL] accept-proxy > [ ALL] backlog <arg> > [ ALL] id <arg> > [ ALL] maxconn <arg> > [ ALL] name <arg> > [ ALL] nice <arg> > [ ALL] process <arg> > [ALERT] 362/160119 (16836) : Error(s) found in configuration file : > /etc/haproxy/haproxy.cfg > [ALERT] 362/160119 (16836) : Fatal errors found in configuration. > > Thanks > Amir Yosef > > > > -----Original Message----- > From: Baptiste [mailto:bed...@gmail.com] > Sent: Monday, December 29, 2014 12:59 PM > To: Yosef Amir > Cc: haproxy@formilux.org; Cohen Galit > Subject: Re: HProxy - HTTPS for Stats > > On Mon, Dec 29, 2014 at 11:00 AM, Yosef Amir <amir.yo...@comverse.com> > wrote: >> Hi , >> I would like to configure stats in haproxy.config file. >> For http is working great. >> How can I configure the HAProxy stats to use HTTPS ? Does it supported? >> My current lab configuration for stats is : >> >> listen stats :8050 >> mode http >> stats admin if TRUE # LOCALHOST >> stats show-legends >> stats uri /admin?stats #default is "/haproxy?stats" >> stats refresh 5s >> stats realm HAProxy\ Statistics #the "\ " sign stands for space >> userlist stats-auth >> group readonly users haproxy >> user haproxy insecure-password haproxy >> >> Thanks >> Amir Yosef >> >> >> ________________________________ >> "This e-mail message may contain confidential, commercial or privileged >> information that constitutes proprietary information of Comverse Inc. or >> its >> subsidiaries. If you are not the intended recipient of this message, you >> are >> hereby notified that any review, use or distribution of this information >> is >> absolutely prohibited and we request that you delete all copies and >> contact >> us by e-mailing to: secur...@comverse.com. Thank You." > > > Hi Yosef, > > You can simply bind the port using SSL and point to your certificate: > > listen stats > bind :8050 ssl crt /path/to/crt > [...] > > Baptiste > > ________________________________ > "This e-mail message may contain confidential, commercial or privileged > information that constitutes proprietary information of Comverse Inc. or its > subsidiaries. If you are not the intended recipient of this message, you are > hereby notified that any review, use or distribution of this information is > absolutely prohibited and we request that you delete all copies and contact > us by e-mailing to: secur...@comverse.com. Thank You."
