Hello all,

We have been using SSL passthrough for a long time but a new set of
applications require I decrypt at the load-balancer to direct traffic
and re-encrypt for sending to the backend. For testing, I'm using a
self-signed cert at haproxy and the back end web server has a formal
certificate.

This all works except the client browser is showing the connection as
insecure. Would a formal certificate at haproxy fix this or is there
another way to keep the browser happy using the self-signed cert? The
config I'm using is below. Thanks!

frontend http-in-nlbtest
    bind xx.xx.xx.xx:80
    bind xx.xx.xx.xx:443 ssl crt /xxxxxxxxx/ec-xxxxx.pem # Note: self-signed cert
    mode http
    no option http-server-close
    timeout client 1m
    http-request add-header X-Forwarded-Proto https
    http-request add-header X-Forwarded-Port 443
    http-response add-header Strict-Transport-Security max-age=3600 # 60 minutes
    acl Host_NLBTest hdr_beg(host) -i nlbtest
    use_backend Cluster_NLBTEST_NoSSL if !{ ssl_fc } Host_NLBTest
    use_backend Cluster_NLBTEST_SSL if { ssl_fc } Host_NLBTest

backend Cluster_AD_APPENV2019_PRODUCTION_SSL
    mode http
    balance roundrobin
    server backendhost1 backendhost1:443 ssl verify none check-ssl maxconn 128
    server backendhost2 backendhost2:443 ssl verify none check-ssl maxconn 128
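
Added example, not part of the original post: the posted configuration with the re-encrypted hop authenticated instead of "verify none", and with the forwarded headers and HSTS tied to whether the client really arrived over TLS. The ca-file path is a placeholder, and the verifyhost, sni and check-sni values assume the backend certificates are issued for the names backendhost1 and backendhost2.

```haproxy
# Added example. Addresses, names and the crt path are copied from the post;
# the ca-file path is a placeholder for the bundle of the CA that issued the
# backend certificates.
frontend http-in-nlbtest
    bind xx.xx.xx.xx:80
    # The certificate in "crt" is the one the browser validates. The backend
    # certificate is never shown to the client once TLS terminates here.
    bind xx.xx.xx.xx:443 ssl crt /xxxxxxxxx/ec-xxxxx.pem
    mode http
    timeout client 1m

    # As posted, "add-header ... https" is also applied to port 80 traffic and
    # is appended next to any value the client sent. set-header replaces it.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]

    # Browsers honour HSTS only on a TLS connection without certificate errors.
    http-response set-header Strict-Transport-Security "max-age=3600" if { ssl_fc }

    acl Host_NLBTest hdr_beg(host) -i nlbtest
    use_backend Cluster_NLBTEST_NoSSL if !{ ssl_fc } Host_NLBTest
    use_backend Cluster_NLBTEST_SSL if { ssl_fc } Host_NLBTest

backend Cluster_AD_APPENV2019_PRODUCTION_SSL
    mode http
    balance roundrobin

    # Weak (as posted): the hop is encrypted, but any certificate is accepted,
    # so the backend is not authenticated.
    #   server backendhost1 backendhost1:443 ssl verify none check-ssl maxconn 128

    # Corrected: validate the chain against the CA bundle and require the
    # certificate to match the expected name, for traffic and health checks.
    # "check" enables health checks; "check-ssl" alone only selects TLS for them.
    server backendhost1 backendhost1:443 ssl verify required ca-file /path/to/backend-ca.pem verifyhost backendhost1 sni str(backendhost1) check check-sni backendhost1 maxconn 128
    server backendhost2 backendhost2:443 ssl verify required ca-file /path/to/backend-ca.pem verifyhost backendhost2 sni str(backendhost2) check check-sni backendhost2 maxconn 128
```

Running haproxy -c -f on the edited file checks the syntax before a reload.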