Passing https: to 443 to tomcat:8443

chriskuku · June 6, 2024, 11:17am

I’m running haproxy 2.8.3 with tomcat9 as a backend server.
How would I have to configure haproxy such that it serves the address:

HAPROXY                       TOMCAT9
https://cms.site.org/    ==>  https://cms.site.org:8443/

wlallemand · June 6, 2024, 2:30pm

You could do something like this:

frontend www
    mode http
    bind *:443 ssl crt /etc/haproxy/website.pem
    default_backend tomcat9

backend tomcat9
     mode http
     server srv1 1.2.3.4:8443 ssl

chriskuku · June 7, 2024, 8:10am

Thanks. What does the ssl in the backend section do? Is it necessary?
Or in other words: I just added the ssl specifier and get an error on startup:

Jun  7 10:12:21 mail haproxy[13143]: [ALERT]    (13143) : config : [/etc/haproxy/haproxy.cfg:85] : 'server cmssite/cms.myserver.org' : verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.
Jun  7 10:12:21 mail haproxy[13143]: [ALERT]    (13143) : config : Fatal errors found in configuration.

EDIT: I see, it checks the availability of a certificate on the backend beforehand, at configuration or start time other than later when real traffic would occur.

Topic		Replies	Views
Haproxy as reverse HTTPS proxy Help!	13	8024	August 20, 2018
Http to https site with balancing Help!	24	3907	November 10, 2018
Help with SSL config with 1 root cert but mutiple subdomains listening on port 443 Help!	18	1063	July 17, 2020
How to configure HAproxy for a certificate authentication Help!	1	2365	October 13, 2022
Force Haproxy to send client certificate if server client-CA list does not contain matching CA Help!	1	1021	July 28, 2020

Passing https: to 443 to tomcat:8443

Related topics