For same i need your help will you please help me, and today i have new requirement. back to example.com backend will run on 80 and 8080
example.com will run on 80 and 443 will you share the conf file ?? i shall be really thankfull to you Regard's Harish Chander 8529142143 * ________________________________ From: Jeff Palmer <[email protected]> Sent: Tuesday, August 30, 2016 7:05 PM To: Harish Chander Cc: [email protected] Subject: Re: Need help to configure ha proxy This config appears to be a decent start. and looks to meet your requirements for http. Now you just need another frontend configured for 443, it would match the :80 frontend, aside from port, using SSL, and a path to the certificates. On Tue, Aug 30, 2016 at 8:47 AM, Harish Chander <[email protected]> wrote: > Hi, > > > I shall be really thankful you if you help in configure haproxy or its > possible or not. > > > External ELB - In external AWS ELB i have 2 Ha proxy server > > > HA Proxy > > connect > > haproxy > beta.example.com > > beta.example.com > api-example.com > > > beta.example.com server work's on 80 and 443 both, If i add A Name in DNS of > direct server IP then work everything. > > > Requirement - beta.example.com should work on both 443 and 80. now its > working for 80 only. Please help me out. you can call me +918529142143 any > time. > > > Current haproxy conf under below > > > > haproxy.conf > > > global > > log /dev/log local0 > > log /dev/log local1 notice > > chroot /var/lib/haproxy > > stats socket /run/haproxy/admin.sock mode 660 level admin > > stats timeout 30s > > user haproxy > > group haproxy > > daemon > > > # Default SSL material locations > > ca-base /etc/ssl/certs > > crt-base /etc/ssl/private > > > # Default ciphers to use on SSL-enabled listening sockets. > > # For more information, see ciphers(1SSL). This list is from: > > # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Hardening Your Web Server's SSL Ciphers ยท Homepage of ...<https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/> hynek.me There are many wordy articles on configuring your web server's TLS ciphers. This is not one of them. Instead I will share a configuration which is both compatible ... > > ssl-default-bind-ciphers > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > > ssl-default-bind-options no-sslv3 > > > defaults > > log global > > mode http > > option httplog > > option dontlognull > > timeout connect 5000 > > timeout client 50000 > > timeout server 50000 > > > frontend haproxy > > bind *:80 > > stats uri /stats > > stats realm Strictly\ Private > > stats auth pass:word > > > # Define hosts > > #urls > > acl beta.example hdr(host) -i beta.example.com > > > > acl api.example hdr(host) -i api-example.com > > > > #cluster > > use_backend b.example if beta.example > > > use_backend z.api if api.example > > > #Frontend Server > > > backend b.example > > mode http > > balance roundrobin > > option forwardfor > > server server01 10.0.0.1:80 check > > > ##API > > backend z.api > > mode http > > balance roundrobin > > option forwardfor > > server api01 192.168.1.1:80 check > > > > Regard's > Harish Chander > 8529142143 > > -- Jeff Palmer https://PalmerIT.net
