HAProxy community

How to config SSL certificate for Jira and Confluence by HAProxy?

Using HAProxy version: 2.1.3

I did setting in the /etc/haproxy/haproxy.cfg file:

frontend jira.mysite.com
    # bind :::8080 v4v6
    bind :::443 v4v6 ssl crt /home/user/ssl/server.pem
    http-request redirect scheme https unless { ssl_fc }

    default_backend             jira

frontend confluence.mysite.com
    # bind :::8090 v4v6
    bind :::443 v4v6 ssl crt /home/user/ssl/server.pem
    http-request redirect scheme https unless { ssl_fc }

    default_backend             confluence

backend jira
    balance     roundrobin
    cookie JIRASESSIONID prefix nocache
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server jira1 [IPv6 IP]:8080 check cookie jira1
    server jira2 [IPv6 IP]:8080 check cookie jira2

backend confluence
    balance     roundrobin
    cookie CONFSESSIONID prefix nocache
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server confluence1 [IPv6 IP]:8090 check cookie confluence1
    server confluence2 [IPv6 IP]:8090 check cookie confluence2

Before I add 443 setting, 8080 and 8090 bind worked well.

But in this case, when restart haproxy, got this error:

Job for haproxy.service failed because the control process exited with error code. See "systemctl status haproxy.service" and "journalctl -xe" for details.

When use journalctl -xe to see detail, got:

...
Feb 28 17:44:21 server systemd[1]: haproxy.service: control process exited, code=exited status=1
Feb 28 17:44:21 server haproxy[30436]: Errors found in configuration file, check it with 'haproxy check'.
Feb 28 17:44:21 server systemd[1]: Failed to start SYSV: HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high
-- Subject: Unit haproxy.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit haproxy.service has failed.
--
-- The result is failed.
Feb 28 17:44:21 server systemd[1]: Unit haproxy.service entered failed state.
Feb 28 17:44:21 server sudo[30429]: pam_unix(sudo:session): session closed for user root
Feb 28 17:44:21 server systemd[1]: haproxy.service failed.
Feb 28 17:44:21 server polkitd[2570]: Unregistered Authentication Agent for unix-process:30430:138824114 (system bus name :1.76278,

Why it failed to start SYSV?

Now using IPv6, how to config it correctly?


I did Jira(8.6.1) configuration setting for <JIRA_INSTALL>/conf/server.xml:

Comment out:

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

Uncomment:

        <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
                   proxyName="<subdomain>.<domain>.com" proxyPort="443"/>

Maybe it will work if set real proxyName.