I would like that HAProxy will use the OPENSSL already installed on my Linux. I don't want to "bring" the SSL libs with HAProxy . Assuming I compiled HAProxy using USE_OPENSSL=1: 1. Does it mean HAProxy will link to local OPENSSL on my Linux ? 2. Does stats configuration with SSL (as you sent in previous mail) will work ? (listen stats.... bind :8050 ssl crt /path/to/crt)
-----Original Message----- From: Baptiste [mailto:[email protected]] Sent: Monday, December 29, 2014 4:02 PM To: Yosef Amir; HAProxy Subject: Re: HProxy - HTTPS for Stats Hi Yosef, Please keep the ML in Cc. You first need to compile HAProxy to support SSL. Use the USE_OPENSSL compilation directive. Baptiste On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir <[email protected]> wrote: > Hi, > I get the following error : > # haproxy -f /etc/haproxy/haproxy.cfg > [ALERT] 362/160119 (16836) : parsing [/etc/haproxy/haproxy.cfg:49] : 'bind > :8050' unknown keyword 'ssl'. Registered keywords : > [ TCP] defer-accept > [ TCP] interface <arg> > [ TCP] mss <arg> > [ TCP] v4v6 > [ TCP] v6only > [ TCP] transparent (not supported) > [STAT] level <arg> > [UNIX] gid <arg> > [UNIX] group <arg> > [UNIX] mode <arg> > [UNIX] uid <arg> > [UNIX] user <arg> > [ ALL] accept-proxy > [ ALL] backlog <arg> > [ ALL] id <arg> > [ ALL] maxconn <arg> > [ ALL] name <arg> > [ ALL] nice <arg> > [ ALL] process <arg> > [ALERT] 362/160119 (16836) : Error(s) found in configuration file : > /etc/haproxy/haproxy.cfg > [ALERT] 362/160119 (16836) : Fatal errors found in configuration. > > Thanks > Amir Yosef > > > > -----Original Message----- > From: Baptiste [mailto:[email protected]] > Sent: Monday, December 29, 2014 12:59 PM > To: Yosef Amir > Cc: [email protected]; Cohen Galit > Subject: Re: HProxy - HTTPS for Stats > > On Mon, Dec 29, 2014 at 11:00 AM, Yosef Amir <[email protected]> > wrote: >> Hi , >> I would like to configure stats in haproxy.config file. >> For http is working great. >> How can I configure the HAProxy stats to use HTTPS ? Does it supported? >> My current lab configuration for stats is : >> >> listen stats :8050 >> mode http >> stats admin if TRUE # LOCALHOST >> stats show-legends >> stats uri /admin?stats #default is "/haproxy?stats" >> stats refresh 5s >> stats realm HAProxy\ Statistics #the "\ " sign stands for space >> userlist stats-auth >> group readonly users haproxy >> user haproxy insecure-password haproxy >> >> Thanks >> Amir Yosef >> >> >> ________________________________ >> "This e-mail message may contain confidential, commercial or privileged >> information that constitutes proprietary information of Comverse Inc. or >> its >> subsidiaries. If you are not the intended recipient of this message, you >> are >> hereby notified that any review, use or distribution of this information >> is >> absolutely prohibited and we request that you delete all copies and >> contact >> us by e-mailing to: [email protected]. Thank You." > > > Hi Yosef, > > You can simply bind the port using SSL and point to your certificate: > > listen stats > bind :8050 ssl crt /path/to/crt > [...] > > Baptiste > > ________________________________ > "This e-mail message may contain confidential, commercial or privileged > information that constitutes proprietary information of Comverse Inc. or its > subsidiaries. If you are not the intended recipient of this message, you are > hereby notified that any review, use or distribution of this information is > absolutely prohibited and we request that you delete all copies and contact > us by e-mailing to: [email protected]. Thank You." ________________________________ "This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [email protected]. Thank You."
