HAProxy SSL Pass-Through Configuration: Difference between revisions
Jump to navigation
Jump to search
Line 41: | Line 41: | ||
If the backend hosts run [[iptables]], they must be configured to allow new connections on port 443: | If the backend hosts run [[iptables]], they must be configured to allow new connections on port 443: | ||
-A INPUT -i enp15s0u2 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT | |||
For more details see: {{Internal|Iptables_Command_Line_Tool_Examples#Allow_a_Web_Server_on_a_Specific_Interface|Allow a Web Server on a Specific Interface}} | For more details see: {{Internal|Iptables_Command_Line_Tool_Examples#Allow_a_Web_Server_on_a_Specific_Interface|Allow a Web Server on a Specific Interface}} |
Revision as of 02:17, 4 July 2017
External
Internal
Overview
Frontend Configuration
Frontend binds on both 80 and 443 to allow both regular and SSL HTTP requests.
frontend localhost bind *:80 bind *:443 option tcplog mode tcp default_backend nodes
Frontend iptables Considerations
If the host HAProxy is deployed on runs iptables, access to ports 80 and 443 has to be explicitly open as follows:
For more details see:
Backend Configuration
Backend also needs to be set in "tcp" mode.
backend nodes mode tcp balance roundrobin option ssl-hello-chk server node01 192.168.1.11:443 check server node02 192.168.1.12:443 check
Backend iptables Considerations
If the backend hosts run iptables, they must be configured to allow new connections on port 443:
-A INPUT -i enp15s0u2 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
For more details see: