By default, HAProxy will use the openssl library installed on your system. Don't forget to install the openssl dev packages as well. And also, you have to create a self signed certificate and to put it somewhere in your server (use the 'crt' keyword to point to it).
Baptiste On Mon, Dec 29, 2014 at 5:01 PM, Yosef Amir <amir.yo...@comverse.com> wrote: > I would like that HAProxy will use the OPENSSL already installed on my > Linux. > I don't want to "bring" the SSL libs with HAProxy . > Assuming I compiled HAProxy using USE_OPENSSL=1: > > Does it mean HAProxy will link to local OPENSSL on my Linux ? > Does stats configuration with SSL (as you sent in previous mail) will work > ? (listen stats.... bind :8050 ssl crt /path/to/crt) > > > > > -----Original Message----- > From: Baptiste [mailto:bed...@gmail.com] > Sent: Monday, December 29, 2014 4:02 PM > To: Yosef Amir; HAProxy > Subject: Re: HProxy - HTTPS for Stats > > Hi Yosef, > > Please keep the ML in Cc. > You first need to compile HAProxy to support SSL. > Use the USE_OPENSSL compilation directive. > > Baptiste > > > On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir <amir.yo...@comverse.com> wrote: >> Hi, >> I get the following error : >> # haproxy -f /etc/haproxy/haproxy.cfg >> [ALERT] 362/160119 (16836) : parsing [/etc/haproxy/haproxy.cfg:49] : 'bind >> :8050' unknown keyword 'ssl'. Registered keywords : >> [ TCP] defer-accept >> [ TCP] interface <arg> >> [ TCP] mss <arg> >> [ TCP] v4v6 >> [ TCP] v6only >> [ TCP] transparent (not supported) >> [STAT] level <arg> >> [UNIX] gid <arg> >> [UNIX] group <arg> >> [UNIX] mode <arg> >> [UNIX] uid <arg> >> [UNIX] user <arg> >> [ ALL] accept-proxy >> [ ALL] backlog <arg> >> [ ALL] id <arg> >> [ ALL] maxconn <arg> >> [ ALL] name <arg> >> [ ALL] nice <arg> >> [ ALL] process <arg> >> [ALERT] 362/160119 (16836) : Error(s) found in configuration file : >> /etc/haproxy/haproxy.cfg >> [ALERT] 362/160119 (16836) : Fatal errors found in configuration. >> >> Thanks >> Amir Yosef >> >> >> >> -----Original Message----- >> From: Baptiste [mailto:bed...@gmail.com] >> Sent: Monday, December 29, 2014 12:59 PM >> To: Yosef Amir >> Cc: haproxy@formilux.org; Cohen Galit >> Subject: Re: HProxy - HTTPS for Stats >> >> On Mon, Dec 29, 2014 at 11:00 AM, Yosef Amir <amir.yo...@comverse.com> >> wrote: >>> Hi , >>> I would like to configure stats in haproxy.config file. >>> For http is working great. >>> How can I configure the HAProxy stats to use HTTPS ? Does it supported? >>> My current lab configuration for stats is : >>> >>> listen stats :8050 >>> mode http >>> stats admin if TRUE # LOCALHOST >>> stats show-legends >>> stats uri /admin?stats #default is "/haproxy?stats" >>> stats refresh 5s >>> stats realm HAProxy\ Statistics #the "\ " sign stands for space >>> userlist stats-auth >>> group readonly users haproxy >>> user haproxy insecure-password haproxy >>> >>> Thanks >>> Amir Yosef >>> >>> >>> ________________________________ >>> "This e-mail message may contain confidential, commercial or privileged >>> information that constitutes proprietary information of Comverse Inc. or >>> its >>> subsidiaries. If you are not the intended recipient of this message, you >>> are >>> hereby notified that any review, use or distribution of this information >>> is >>> absolutely prohibited and we request that you delete all copies and >>> contact >>> us by e-mailing to: secur...@comverse.com. Thank You." >> >> >> Hi Yosef, >> >> You can simply bind the port using SSL and point to your certificate: >> >> listen stats >> bind :8050 ssl crt /path/to/crt >> [...] >> >> Baptiste >> >> ________________________________ >> "This e-mail message may contain confidential, commercial or privileged >> information that constitutes proprietary information of Comverse Inc. or >> its >> subsidiaries. If you are not the intended recipient of this message, you >> are >> hereby notified that any review, use or distribution of this information >> is >> absolutely prohibited and we request that you delete all copies and >> contact >> us by e-mailing to: secur...@comverse.com. Thank You." > > ________________________________ > "This e-mail message may contain confidential, commercial or privileged > information that constitutes proprietary information of Comverse Inc. or its > subsidiaries. If you are not the intended recipient of this message, you are > hereby notified that any review, use or distribution of this information is > absolutely prohibited and we request that you delete all copies and contact > us by e-mailing to: secur...@comverse.com. Thank You."
