
HAProxy COMODO Wildcard SSL

C/H 2017. 5. 8. 12:27

  • 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/ssl/domain.pem'.
  • 'bind *:443' : inconsistencies between private key and certificate loaded from PEM file '/etc/haproxy/ssl/domain.pem'.

The server certificate material must be placed in order in the file passed to HAProxy crt <cert>:

  1. server certificate
  2. server private key (without any password)
  3. intermediate certificate 1
  4. intermediate certificate 2

HAProxy Wildcard SSL PEM

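# Intermediate chain in one file
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > intermediate.bundle
# Build the bundle in the order listed above; '>' on the first line starts from an empty file
cat domain.com.crt > haproxy.pem
cat domain.com.key >> haproxy.pem
cat intermediate.bundle >> haproxy.pem
# haproxy.pem now contains the private key: keep it readable only by the HAProxy user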

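frontend http-frontend
    bind 10.1.0.4:80

    # ssl_fc is never true on this plain-HTTP listener, so every request is redirected to https
    redirect scheme https if !{ ssl_fc }

frontend https-frontend
    # TLS is terminated here with the combined PEM (certificate, key, intermediates)
    bind 10.1.0.4:443 ssl crt /etc/ssl/haproxy.pem

    option httplog
    mode http

    # hdr_end(host) -i: case-insensitive match on the end of the Host header
    acl is_local hdr_end(host) -i mirror.skbx.co
    acl is_kiev  hdr_end(host) -i kiev.skbx.co

    # is_local is not referenced below; those requests go to default_backend
    use_backend kiev if is_kiev
    default_backend wwwlocalbackend

# The server lines carry no 'ssl' keyword, so HAProxy sends plain HTTP to port 443 of each backend
backend wwwlocalbackend
    mode http
    server 1-www 127.0.0.1:443

backend kiev
    mode http
    server 1-www 10.8.0.6:443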
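
An added example, not part of the original post: a shell function that checks a bundle such as haproxy.pem for the two startup errors quoted at the top (a key that cannot be loaded, for instance because it has a passphrase, and a key that does not match the certificate). The name check_haproxy_pem and its return codes are assumptions of this example, and it needs the openssl command.

```shell
#!/bin/sh
# check_haproxy_pem FILE  (hypothetical helper for this example, not part of HAProxy)
# Return codes chosen for this example: 0 ok, 2 unreadable file, 3 wrong key count,
# 4 encrypted key, 5 certificate or key cannot be parsed, 6 key/certificate mismatch.
check_haproxy_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # The bundle must hold exactly one private key ...
    nkeys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    if [ "$nkeys" -ne 1 ]; then
        echo "$pem: expected 1 private key, found $nkeys" >&2; return 3
    fi
    # ... and it must carry no passphrase (PKCS#8 or legacy PEM encryption).
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "$pem: private key is passphrase-protected" >&2; return 4
    fi

    # Public key of the first certificate in the file, which the order
    # given on this page makes the server certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "$pem: no parsable certificate" >&2; return 5; }
    # Public key derived from the private key in the same file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || {
        echo "$pem: private key cannot be loaded" >&2; return 5; }

    # Different public keys correspond to the "inconsistencies between
    # private key and certificate" error.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$pem: private key does not match the server certificate" >&2; return 6
    fi
    ncerts=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" || true)
    echo "$pem: key matches server certificate; $ncerts certificate(s) in bundle"
}

# Stand-alone use: sh check_pem.sh /etc/ssl/haproxy.pem
if [ "$#" -gt 0 ]; then check_haproxy_pem "$1"; fi
```

Run it on the bundle before reloading HAProxy; a non-zero return code tells which of the two errors to expect.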

