- Using SSL Certificates with HAProxy
- HAProxy to redirect http to https for multiple domain names without SSL Termination
- haproxy: inconsistencies between private key and certificate loaded from PEM file
- Setting up HAProxy with Comodo PositiveSSL certificates
- 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/ssl/domain.pem'.
- 'bind *:443' : inconsistencies between private key and certificate loaded from PEM file '/etc/haproxy/ssl/domain.pem'.
서버 인증서는 순서대로 적용되어야 한다. HAProxy crt <cert>
- server certificate
- server private key (without any password)
- intermediate certificate 1
- intermediate certificate 2
HAProxy Wildcard SSL PEM
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > intermediate.bundle cat domain.com.key >> haproxy.pem cat domain.com.crt >> haproxy.pem cat intermediate.bundle >> haproxy.pem
frontend http-frontend
bind 10.1.0.4:80
redirect scheme https if !{ ssl_fc }
frontend https-frontend
bind 10.1.0.4:443 ssl crt /etc/ssl/haproxy.pem
option httplog
mode http
acl is_local hdr_end(host) -i mirror.skbx.co
acl is_kiev hdr_end(host) -i kiev.skbx.co
use_backend kiev if is_kiev
default_backend wwwlocalbackend
backend wwwlocalbackend
mode http
server 1-www 127.0.0.1:443
backend kiev
mode http
server 1-www 10.8.0.6:443
반응형
'server-side > haproxy' 카테고리의 다른 글
| HAProxy Mysql 'Reading initial communication packet' (0) | 2017.05.12 |
|---|---|
| HAProxy MySQL replication, cluster (0) | 2017.05.10 |
| HAProxy Stats Scoket Path Error (0) | 2017.05.02 |
| HAProxy Multi Process Warning (0) | 2017.05.01 |
| HAProxy Install (0) | 2017.04.28 |