What platform are you running, and what version of haproxy are you using? There are probably precompiled binaries for 1.5 which is needed for ssl.
Sent from my iPad > On Dec 29, 2014, at 11:01 AM, Yosef Amir <[email protected]> wrote: > > I would like that HAProxy will use the OPENSSL already installed on my Linux. > I don’t want to "bring" the SSL libs with HAProxy . > Assuming I compiled HAProxy using USE_OPENSSL=1: > Does it mean HAProxy will link to local OPENSSL on my Linux ? > Does stats configuration with SSL (as you sent in previous mail) will work ? > (listen stats.... bind :8050 ssl crt /path/to/crt) > > > > -----Original Message----- > From: Baptiste [mailto:[email protected]] > Sent: Monday, December 29, 2014 4:02 PM > To: Yosef Amir; HAProxy > Subject: Re: HProxy - HTTPS for Stats > > Hi Yosef, > > Please keep the ML in Cc. > You first need to compile HAProxy to support SSL. > Use the USE_OPENSSL compilation directive. > > Baptiste > > > On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir <[email protected]> wrote: > > Hi, > > I get the following error : > > # haproxy -f /etc/haproxy/haproxy.cfg > > [ALERT] 362/160119 (16836) : parsing [/etc/haproxy/haproxy.cfg:49] : 'bind > > :8050' unknown keyword 'ssl'. Registered keywords : > > [ TCP] defer-accept > > [ TCP] interface <arg> > > [ TCP] mss <arg> > > [ TCP] v4v6 > > [ TCP] v6only > > [ TCP] transparent (not supported) > > [STAT] level <arg> > > [UNIX] gid <arg> > > [UNIX] group <arg> > > [UNIX] mode <arg> > > [UNIX] uid <arg> > > [UNIX] user <arg> > > [ ALL] accept-proxy > > [ ALL] backlog <arg> > > [ ALL] id <arg> > > [ ALL] maxconn <arg> > > [ ALL] name <arg> > > [ ALL] nice <arg> > > [ ALL] process <arg> > > [ALERT] 362/160119 (16836) : Error(s) found in configuration file : > > /etc/haproxy/haproxy.cfg > > [ALERT] 362/160119 (16836) : Fatal errors found in configuration. > > > > Thanks > > Amir Yosef > > > > > > > > -----Original Message----- > > From: Baptiste [mailto:[email protected]] > > Sent: Monday, December 29, 2014 12:59 PM > > To: Yosef Amir > > Cc: [email protected]; Cohen Galit > > Subject: Re: HProxy - HTTPS for Stats > > > > On Mon, Dec 29, 2014 at 11:00 AM, Yosef Amir <[email protected]> > > wrote: > >> Hi , > >> I would like to configure stats in haproxy.config file. > >> For http is working great. > >> How can I configure the HAProxy stats to use HTTPS ? Does it supported? > >> My current lab configuration for stats is : > >> > >> listen stats :8050 > >> mode http > >> stats admin if TRUE # LOCALHOST > >> stats show-legends > >> stats uri /admin?stats #default is "/haproxy?stats" > >> stats refresh 5s > >> stats realm HAProxy\ Statistics #the "\ " sign stands for space > >> userlist stats-auth > >> group readonly users haproxy > >> user haproxy insecure-password haproxy > >> > >> Thanks > >> Amir Yosef > >> > >> > >> ________________________________ > >> "This e-mail message may contain confidential, commercial or privileged > >> information that constitutes proprietary information of Comverse Inc. or > >> its > >> subsidiaries. If you are not the intended recipient of this message, you > >> are > >> hereby notified that any review, use or distribution of this information > >> is > >> absolutely prohibited and we request that you delete all copies and > >> contact > >> us by e-mailing to: [email protected]. Thank You." > > > > > > Hi Yosef, > > > > You can simply bind the port using SSL and point to your certificate: > > > > listen stats > > bind :8050 ssl crt /path/to/crt > > [...] > > > > Baptiste > > > > ________________________________ > > "This e-mail message may contain confidential, commercial or privileged > > information that constitutes proprietary information of Comverse Inc. or its > > subsidiaries. If you are not the intended recipient of this message, you are > > hereby notified that any review, use or distribution of this information is > > absolutely prohibited and we request that you delete all copies and contact > > us by e-mailing to: [email protected]. Thank You." > > ________________________________ > “This e-mail message may contain confidential, commercial or privileged > information that constitutes proprietary information of Comverse Inc. or its > subsidiaries. If you are not the intended recipient of this message, you are > hereby notified that any review, use or distribution of this information is > absolutely prohibited and we request that you delete all copies and contact > us by e-mailing to: [email protected]. Thank You.”
