Hey Guys,

I need to pass TLS traffic from the VIP (managed by keepalived) to the servers defined in HAProxy. I've got certs on both the VIP and the servers. What is the best way to pass traffic through?


I'm given the impression that TLS bridging (https://www.haproxy.com/documentation/haproxy/deployment-guides/tls-infrastructure/) will work; however, this is if I have HAProxy 1.6+. I'll need a custom rpm on my RHEL 7 for that though.


What would be the equivalent for HAProxy 1.5+? Is there an option for lower versions?

global
        log                     127.0.0.1       local3  warning
        pidfile                 /var/run/haproxy.pid
        maxconn                 4000
        user                    haproxy
        group                   haproxy
        daemon

        stats socket            /etc/haproxy/stats
        tune.ssl.default-dh-param 2048

defaults
        mode                    tcp
        log                     global
        option                  dontlognull
        option                  redispatch
        retries                 3
        timeout queue           1m
        timeout connect         10s
        timeout client          3m
        timeout server          3m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 30000

frontend srvin
        log 127.0.0.1 local0 debug
        bind srv-c01:17182 ssl crt /etc/haproxy/certs/srv-c01.mws.mds.xyz-haproxy.pem no-sslv3
        default_backend             srvback


backend srvback
        log /dev/log local0 debug
        mode http
        balance roundrobin


        server cm-r01nn01.mws.mds.xyz cm-r01nn01.mws.mds.xyz:7182 ssl check verify none port 7182 inter 12000 rise 3 fall 3
        server cm-r01nn02.mws.mds.xyz cm-r01nn02.mws.mds.xyz:7182 ssl check verify none port 7182 inter 12000 rise 3 fall 3




--
Thx,
TK.
