After going through these archives, I'm still not clear on if I need
something more than HAProxy to add SSL to my backend servers. Right now I
have HAProxy running on a virtual node (LB1) in front of another virtual
node with the web server (WEB1). This is all behind a firewall/router that's
routing one of my public IPs to the shared local address. I need to add at
least three SSL certificates to three sites on my web server. Here is my
current cfg setup:

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    user haproxy
    group haproxy

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen webfarm 192.168.31.100:80, 192.168.31.100:443
    mode http
    stats enable
    stats auth netadmin:5bgr+bdd1WbA
    balance roundrobin
    cookie JSESSIONID prefix
    option forceclose
    option httpclose
    option forwardfor
    option httpchk HEAD /check.txt HTTP/1.0
    server web1 192.168.31.202:80 cookie w01 check inter 2000 rise 2 fall 2
    server web2 192.168.31.212:80 cookie w02 check inter 2000 rise 2 fall 2
    option persist
    redispatch
    contimeout 5000
    rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address

I've read that all I need is to change mode http to mode tcp, balance roundrobin to balance source, and option httpchk to option ssl-hello-chk, and all should work. Then I also read that HAProxy can't do SSL so you have to install something like stunnel to get it to work. I'm trying to keep things as simple as I can, so what is the correct way for me to handle this?

Received on 2009/06/10 14:24
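
Added example (not part of the original post, and not HAProxy's own code): a small Python check for the mode tcp change described in the message. When SSL is passed through in mode tcp the proxy relays only ciphertext, so HTTP-level lines such as cookie, option forwardfor and rspidel left in that section no longer take effect; the sample config and the section names web_http and web_ssl are constructed for illustration.

```python
import re

# Directives that act on HTTP messages. With SSL passed through in "mode tcp"
# the proxy only relays ciphertext, so these cannot take effect.
HTTP_ONLY = re.compile(
    r"(cookie|option\s+(forwardfor|httpclose|forceclose)"
    r"|(req|rsp)i?(del|rep|deny|allow|pass|add))\b")
SECTION = re.compile(r"(global|defaults|listen|frontend|backend)\b\s*(\S*)")

def http_directives_in_tcp_sections(cfg):
    """Return (section, line_no, text) for HTTP-only lines written inside a
    section whose effective mode is tcp (inherited defaults are not checked)."""
    sections, cur = [], None
    for no, raw in enumerate(cfg.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        sec, mode = SECTION.match(line), re.match(r"mode\s+(\S+)", line)
        if sec:
            cur = {"kind": sec.group(1), "name": sec.group(2),
                   "mode": None, "lines": []}
            sections.append(cur)
        elif cur is not None and mode:
            cur["mode"] = mode.group(1)
        elif cur is not None:
            cur["lines"].append((no, line))
    findings, default_mode = [], "tcp"        # HAProxy's mode when none is set
    for s in sections:                        # in file order, so defaults apply
        if s["kind"] == "defaults":
            default_mode = s["mode"] or default_mode
        elif s["kind"] != "global" and (s["mode"] or default_mode) == "tcp":
            findings += [(s["name"], no, text) for no, text in s["lines"]
                         if HTTP_ONLY.match(text)]
    return findings

# Constructed sample: port 80 stays in mode http, port 443 is passed through
# in mode tcp with HTTP-level lines copied over from the http section.
SAMPLE = """
defaults
    mode http
listen web_http 192.168.31.100:80
    cookie JSESSIONID prefix
    option forwardfor
    server web1 192.168.31.202:80 cookie w01 check
listen web_ssl 192.168.31.100:443
    mode tcp
    balance source
    option ssl-hello-chk
    cookie JSESSIONID prefix
    option forwardfor
    rspidel ^Set-cookie:\\ IP=
    server web1 192.168.31.202:443 check
"""

if __name__ == "__main__":
    for name, no, text in http_directives_in_tcp_sections(SAMPLE):
        print(f"{name}: line {no}: '{text}' has no effect in mode tcp")
```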