Uncategorized

Installation of Reverse Proxy HAPROXY

Leave a comment

Generated dhparams.pem for haproxy moved to its directory linked it in the haproxy.cfg file

Kept most global options in the cfg file. Add lines for frontend and backend.

frontend default
   bind :80
   http-request redirect scheme https unless { ssl_fc }
   use_backend % [req.hdr(host),lower,map_dom(/etc/haproxy/maps/hosts.map,be_default)]

   default_backend             acer2

create hosts.map file for each and every host, each line must have host name and backend name like

acer2.nmlindia.org acer2

for each altername port create a frontend like above just replace :80 with say :8080 and provide another map file for hosts handing this port

    backend acer2
        mode http
        http-request redirect scheme https unless { ssl_fc }
        server acer2 acer2.nmlindia.org:8888 check

the line

http-request redirect scheme https unless { ssl_fc }

controls the reirection in case the traffic is SSL

if nonSSL site comment out in both default block and backend block

the port 8888 indicates the port where the website is running

frontend https
   bind *:443 ssl crt-list /etc/haproxy/ssl/private/crt-list.txt   # crt /etc/haproxy/ssl/bdpc-ssl.pem
   mode tcp
   tcp-request inspect-delay 5s
   tcp-request content accept if { req_ssl_hello_type 1 }
   use_backend acer2 if { ssl_fc_sni acer2.nmlindia.org }

Provide certificate path and mode should be tcp for SSL port

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.