Need some guidance on how to setup HAProxy with SSL port 6443 and serving as a browser proxy

naveen27232 · August 11, 2020, 1:55pm

I am new to HAProxy and using a docker image from

My requirement is that HAProxy is to function as a browsers Proxy , such that i will set HAproxy’s IP and port 6443 as a HTTP/HTTPS proxy in manual proxy settings in Firefox browser

Now in browser i want to put a URL - https://123-10.1.2.3:8443/index.html
such that the request first lands on HAProxy IP and port 6443
and then i want to navigate to my servers based on the Hosts requests received-
say- Host is 123-10.1.2.3:8443 , navigate to backend server 11.1.2.3: 8443
say Host is 456-10.4.5.6:8443, navigate to backend server 11.4.5.6: 8443

Note- All Ips are just for example.

I have my config as below , but i keep getting SSL Handshake errors as soon as i type anything on the browser (after setting manual proxy), any help is appreciated-

global
maxconn 50000
log /dev/log local0
log /dev/log local1 notice
user haproxy
group haproxy
ssl-default-bind-ciphers ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+RC4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
ssl-dh-param-file /usr/local/etc/haproxy/dhparam.pem
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-server-verify none
stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin

defaults
timeout connect 60s
timeout client 120s
timeout server 120s
timeout tunnel 1h
timeout http-keep-alive 5s
timeout http-request 15s
timeout queue 15s
timeout tarpit 15s
default-server inter 3s rise 2 fall 3
log global
mode http
option httplog

frontend stats
bind *:8404
stats enable
stats uri /stats
stats refresh 10s
stats admin if LOCALHOST

frontend ssl
bind *:6443 ssl crt /usr/local/etc/haproxy/cert.pem #This is a let’s Encrypt certificate which contains cert + key together in one file
mode http
use_backend backend_123 if { hdr(host) -i 123-10.1.2.3:8443 }
use_backend backend_456 if { hdr(host) -i 456-10.4.5.6:8443 }

backend backend_123
mode http
server srvr_123 11.1.2.3:8443 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend backend_456
mode http
server srvr_456 11.4.5.6:8443 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

lukastribus · August 11, 2020, 8:31pm

That’s not what haproxy does. Haproxy is a reverse proxy, not a forward proxy.

You need to use squid or tinyproxy instead.

Topic		Replies	Views
Using SSL with HAProxy for docker containers Help!	33	25724	December 6, 2016
Need help with haproxy config Help!	0	579	March 20, 2019
Redirect https localhost to docker with. their own http server Help!	0	24	January 10, 2025
HTTP mode with SSL for Geth RPC Help!	0	346	January 13, 2024
Unable to access my container services via haproxy Help!	6	151	July 26, 2024

Need some guidance on how to setup HAProxy with SSL port 6443 and serving as a browser proxy

I have my config as below , but i keep getting SSL Handshake errors as soon as i type anything on the browser (after setting manual proxy), any help is appreciated-

Related topics