Ha Proxy sample config frontend ssl

/ Konkretor

You can use Haproxy for a frontend ssl

with redirect from port 80 to 443

 

here is a sample haproxy.cfg


global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice

user haproxy
group haproxy
daemon
stats socket /etc/haproxy/haproxysock level admin

maxconn 16384
tune.ssl.default-dh-param 4096
defaults
log global
balance roundrobin
mode http

retries 3
option httplog
option dontlognull

maxconn 10240
timeout connect 5s
timeout client 15s
timeout server 60s

backend my_frontend_pool
option forwardfor

server mylocalserver1.example.com 10.10.18.30:8080 weight 1 maxconn 512 check
server mylocalserver2.example.com 10.10.18.40:8080 weight 1 maxconn 512 check
server mylocalserver3.example.com 10.10.18.50:8080 weight 1 maxconn 512 check


frontend mylocalfrontend.example.com
bind 10.241.18.20:443 ssl crt /etc/ssl/myserver/wild.pem ciphers ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+RC4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS no-sslv3

acl clear dst_port 80
acl secure dst_port 443

reqadd X-Forwarded-Proto:\ https if secure
reqadd FRONT_END_HTTPS:\ on if secure

default_backend my_frontend_pool

listen my_statistics :60099
stats enable
stats uri /
stats refresh 15s

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s