HAProxy SSL Pass-Through Configuration: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 34: Line 34:
     [[HAProxy_Configuration#tcp|mode tcp]]
     [[HAProxy_Configuration#tcp|mode tcp]]
     balance roundrobin
     balance roundrobin
     option ssl-hello-chk
     option [[HAProxy_Configuration#ssl-hello-chk|ssl-hello-chk]]
     server node01 192.168.1.11:443 check
     server node01 192.168.1.11:443 check
     server node02 192.168.1.12:443 check
     server node02 192.168.1.12:443 check

Revision as of 02:11, 4 July 2017

External

Internal

Overview

HAProxy Concepts - SSL Pass-Through

Frontend Configuration

Frontend binds on both 80 and 443 to allow both regular and SSL HTTP requests.

frontend localhost
  bind *:80
  bind *:443
  option tcplog
  mode tcp
  default_backend nodes

iptables Considerations

If the host HAProxy is deployed on runs iptables, access to ports 80 and 443 has to be explicitly open as follows:

For more details see:

Allow a Web Server on a Specific Interface

Backend Configuration

Backend also needs to be set in "tcp" mode.

backend nodes
   mode tcp
   balance roundrobin
   option ssl-hello-chk
   server node01 192.168.1.11:443 check
   server node02 192.168.1.12:443 check