Hey guys,

I need to pass TLS traffic from the VIP (managed by keepalived) to the
servers defined in HAProxy. I've got certs on both the VIP and the
servers. What is the best way to pass traffic through?

I'm given the impression that TLS bridging
(https://www.haproxy.com/documentation/haproxy/deployment-guides/tls-infrastructure/)
will work; however, this is if I have HAProxy 1.6+. I'll need a custom
rpm on my RHEL 7 for that though.

What would be the equivalent for HAProxy 1.5+? Is there an option for
lower versions?

global
    log 127.0.0.1 local3 warning
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    # "daemon" takes no argument
    daemon
    stats socket /etc/haproxy/stats
    tune.ssl.default-dh-param 2048

defaults
    mode tcp
    log global
    option dontlognull
    option redispatch
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 3m
    timeout server 3m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 30000

frontend srvin
    # "debug" given as the log level; as a standalone keyword it is only valid in the global section
    log 127.0.0.1 local0 debug
    bind srv-c01:17182 ssl crt /etc/haproxy/certs/srv-c01.mws.mds.xyz-haproxy.pem no-sslv3
    default_backend srvback

backend srvback
    log /dev/log local0 debug
    mode http
    balance roundrobin
    server cm-r01nn01.mws.mds.xyz cm-r01nn01.mws.mds.xyz:7182 ssl check verify none port 7182 inter 12000 rise 3 fall 3
    server cm-r01nn02.mws.mds.xyz cm-r01nn02.mws.mds.xyz:7182 ssl check verify none port 7182 inter 12000 rise 3 fall 3

--
Thx,
TK.
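
Added example, not part of the original post: the two ways to carry TLS from the VIP to the servers in this setup, passthrough and bridging, written with directives that exist in HAProxy 1.5. Hostnames, ports and the frontend certificate path come from the post; the section names and the CA bundle path /etc/haproxy/certs/backend-ca.pem are assumptions.

```haproxy
# Added example. Enable only ONE of the two options: both bind srv-c01:17182.
# Section names and the CA bundle path are assumptions, not from the post.

# Option A: TLS passthrough. HAProxy forwards the encrypted bytes untouched,
# so no certificate is loaded here and the client sees the certificate of
# the chosen server. That certificate must therefore be valid for the name
# clients use to reach the VIP.
frontend srvin_passthrough
    mode tcp
    bind srv-c01:17182
    default_backend srvback_passthrough

backend srvback_passthrough
    mode tcp
    balance roundrobin
    # Plain TCP connect check; HAProxy never joins the TLS session.
    server cm-r01nn01.mws.mds.xyz cm-r01nn01.mws.mds.xyz:7182 check inter 12000 rise 3 fall 3
    server cm-r01nn02.mws.mds.xyz cm-r01nn02.mws.mds.xyz:7182 check inter 12000 rise 3 fall 3

# Option B: TLS bridging. HAProxy terminates TLS with the VIP certificate
# and opens a second TLS session to the server. "verify required" with
# "ca-file" and "verifyhost" makes HAProxy authenticate the server;
# "verify none" encrypts the hop but accepts any certificate.
# mode tcp keeps the relay protocol-agnostic.
frontend srvin_bridge
    mode tcp
    bind srv-c01:17182 ssl crt /etc/haproxy/certs/srv-c01.mws.mds.xyz-haproxy.pem no-sslv3
    default_backend srvback_bridge

backend srvback_bridge
    mode tcp
    balance roundrobin
    # With "ssl" on the server line, the health check is also done over TLS.
    server cm-r01nn01.mws.mds.xyz cm-r01nn01.mws.mds.xyz:7182 ssl verify required ca-file /etc/haproxy/certs/backend-ca.pem verifyhost cm-r01nn01.mws.mds.xyz check inter 12000 rise 3 fall 3
    server cm-r01nn02.mws.mds.xyz cm-r01nn02.mws.mds.xyz:7182 ssl verify required ca-file /etc/haproxy/certs/backend-ca.pem verifyhost cm-r01nn02.mws.mds.xyz check inter 12000 rise 3 fall 3
```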