Hi, Hi,
Seems to have a little problem with my SSL config: ... ... # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy ssl-default-bind-options no-sslv3 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-server-options no-sslv3 ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS defaults log global mode http option forwardfor option http-server-close option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http stats enable stats uri /stats stats realm Haproxy\ Statistics stats auth toto:lolo29 frontend email-https bind *:888 ssl crt /etc/ssl/certs/cert.crt reqadd X-Forwarded-Proto:\ https default_backend https-email frontend www-https bind *:443 ssl crt /etc/ssl/certs/cert.crt reqadd X-Forwarded-Proto:\ https default_backend https-www backend https-email redirect scheme https if !{ ssl_fc } server hostname ip_email_server:888 backend https-www redirect scheme https if !{ ssl_fc } server hostname ip_web_server:443 The main plan is to forward all HTTPS (port:443) requests to my web server and all HTTPS(port:888) to my email server. Do you see any mistake in my config ? Logs from HAproxy: haproxy[15953]: [ALERT] 011/101209 (15953) : Proxy 'email-https': no SSL certificate specified for bind '*:888' at [/etc/haproxy/haproxy.cfg:52] (use 'crt'). Jan 12 10:12:09 proxy haproxy[15953]: [ALERT] 011/101209 (15953) : Proxy 'www-https': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:57] (use 'crt'). Jan 12 10:12:09 proxy haproxy[15953]: [ALERT] 011/101209 (15953) : Fatal errors found in configuration. Thx -- Cordialement, Thierry e-mail : lenai...@maelenn.org PGP Key: 0xB7E3B9CD