HAProxy community

Https to http on haproxy 1.8.1


Hey I am new to haproxy.
I got a working proxy on port 80 to 8080, and I want to replace port 80 to 443 and use a specific wildcard certificate that is not lets encrypt.

I want to have a specific HTTPS URL - that does not have an apache virtual host.
My example https://publicname.com that resolve it self into privatename

My backend is then port 8080.

The error message is
[ALERT] 340/111702 (61859) : parsing [/tmp//2018-12-07.10:17:01.cfg:41] : ‘bind realpublic ip :443’ : unable to load SSL private key from PEM file ‘/etc/ssl/certs/newfile4.crt.pem’. [ALERT] 340/111702 (61859) : Error(s) found in configuration file : /tmp//2018-12-07.10:17:01.cfg [ALERT] 340/111702 (61859) : Fatal errors found in configuration.

My configuration is

frontend http-in
bind real.public.ip.yes:443 ssl crt /etc/ssl/certs/newfile4.crt.pem
reqadd X-Forwarded-Proto:\ https
acl fronturl hdr(host) eq publicname.com
use_backend test-backend if fronturl

backend test-backend
http-request set-header Host privatename.publicdomain.com (This have an apache virtualhost and is responding perfectly)
server node1

Eventually I will add “round-robin” to backend and add more serveres once the front config is working.

Can anyone help?


The error message says:

unable to load SSL private key from PEM file ‘/etc/ssl/certs/newfile4.crt.pem’

So, double check your certificate file /etc/ssl/certs/newfile4.crt.pem


Thanks - I got it to work by doing the following

I got a pcks12 certificate where I extracted the certificate, the private key, and got the intermediate… certificat.

I created one new file, and copied the content from 1. the extracted certifiace, 2 the extracted private key, and made a copy/paste from the intermediate certificate - reload and I now got an ssl offloader :slight_smile:

I added the ssl crt /etc/ssl/certs/newfile8.pem and restartet the service, 0 problems.