This config appears to be a decent start. and looks to meet your requirements for http.
Now you just need another frontend configured for 443, it would match the :80 frontend, aside from port, using SSL, and a path to the certificates. On Tue, Aug 30, 2016 at 8:47 AM, Harish Chander <harish.chan...@hotmail.com> wrote: > Hi, > > > I shall be really thankful you if you help in configure haproxy or its > possible or not. > > > External ELB - In external AWS ELB i have 2 Ha proxy server > > > HA Proxy > > connect > > haproxy > beta.example.com > > beta.example.com > api-example.com > > > beta.example.com server work's on 80 and 443 both, If i add A Name in DNS of > direct server IP then work everything. > > > Requirement - beta.example.com should work on both 443 and 80. now its > working for 80 only. Please help me out. you can call me +918529142143 any > time. > > > Current haproxy conf under below > > > > haproxy.conf > > > global > > log /dev/log local0 > > log /dev/log local1 notice > > chroot /var/lib/haproxy > > stats socket /run/haproxy/admin.sock mode 660 level admin > > stats timeout 30s > > user haproxy > > group haproxy > > daemon > > > # Default SSL material locations > > ca-base /etc/ssl/certs > > crt-base /etc/ssl/private > > > # Default ciphers to use on SSL-enabled listening sockets. > > # For more information, see ciphers(1SSL). This list is from: > > # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ > > ssl-default-bind-ciphers > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > > ssl-default-bind-options no-sslv3 > > > defaults > > log global > > mode http > > option httplog > > option dontlognull > > timeout connect 5000 > > timeout client 50000 > > timeout server 50000 > > > frontend haproxy > > bind *:80 > > stats uri /stats > > stats realm Strictly\ Private > > stats auth pass:word > > > # Define hosts > > #urls > > acl beta.example hdr(host) -i beta.example.com > > > > acl api.example hdr(host) -i api-example.com > > > > #cluster > > use_backend b.example if beta.example > > > use_backend z.api if api.example > > > #Frontend Server > > > backend b.example > > mode http > > balance roundrobin > > option forwardfor > > server server01 10.0.0.1:80 check > > > ##API > > backend z.api > > mode http > > balance roundrobin > > option forwardfor > > server api01 192.168.1.1:80 check > > > > Regard's > Harish Chander > 8529142143 > > -- Jeff Palmer https://PalmerIT.net