Install SSL on HAProxy – Technical Support Center

Install SSL on HAProxy - Technical Support Center

Luong The Nam

06/07/2022

HAProxy is a suitable service for very high-traffic websites and is therefore often used to improve web service reliability and performance for multi-server configurations.

To install SSL on HAProxy, please refer to the instructions below: (note: the file locations may vary according to the settings on your server)

1. Prepare SSL certificate file

  • You will get the file private key When SSL activation is sent to your email, usually the file format will be: www_domain_.key
  • When you download the SSL certificate file that has completed the authentication, you will receive the following files, you will use 2 files as shown in the image below:

Next, you put in 3 files www_domain.key, www_domain.pem, Chain_RootCA_Bundle.crt Go to the server and type the following command to create the file pem used to install HAProxy.

cat www_tên_miền.pem Chain_RootCA_Bundle.crt www_tên_miền.key > certificate.pem

2. Check if HAProxy has SSL support

Please run the following command to check the version HAProxy:

haproxy -vv

If the returned result has the following information, it means HAProxy SSL supported:

HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes

Otherwise, if you see the following output, then you need to rebuild HAProxy with SSL support.

HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : not set

3. Configure SSL for HAProxy

Open HAProxy configuration file /etc/haproxy/haproxy.cfg and re-edit: (Note the path may be different from your server)

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

frontend https_front
   bind *:443 ssl crt /etc/ssl/certificate.pem #Đường dẫn tới tập tin pem đã tạo ở bước 1.
   reqadd X-Forwarded-Proto: https

backend http_back
   balance roundrobin
   server Server1 <private IP>:80 check
   server Server2 <private IP>:80 check

After the configuration is complete, run the following command to check the configuration file:

haproxy -check -f /etc/haproxy/haproxy.cfg

After successful configuration test, please restart HAProxy for the configuration to take effect.

service haproxy restart

Note: This is just a reference for installing SSL on HAProxy, the settings may be different from yours, please check and replace to avoid errors.

Good luck!

Turn a bug into a feature to exploit it!!!

Why Should You Choose .ONLINE Domain Extensions

By Nguyen Manh Cuong

Nguyen Manh Cuong is the author and founder of the nguyendiep blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.

Leave a comment

Your email address will not be published. Required fields are marked *