So I’ve got working Haproxy servers, the boss wants me to make sure the back end is using SSL as well. So I’ve made sure the backend servers have domain signed certs, I have the CA pem file on my test hap server and my server directive like so:
server dc02 10.100.160.12:636 maxconn 100 check ssl fall 3 rise 1 inter 2s verify none check check-ssl ca-file /etc/ssl/private/hap/ca/domain-ca.pem
Thinking about how SSL works… I’m going to need the FQDN value in here for that server. So if I change it to this:
server dc02 dc01.domain.net:636 maxconn 100 check ssl fall 3 rise 1 inter 2s verify none check check-ssl ca-file /etc/ssl/private/hap/ca/domain-ca.pem
Can anyone confirm this look ok?