HAProxy community

SSL Termination


#1

Hi,

I want to configure SSL Termination with version 1.6.
I have an error but I don’t know where.
I don’t know where I can see the log.

Thanks in advance.

My configuration file is:

frontend www-http
    bind *:80
    mode http
    option httpclose
    option forwardfor

    acl localACL hdr_dom(host) -i localhost
    use_backend mytravelBackend if localACL
    default_backend defaultBackendServer

frontend www-https
    bind *:21 ssl crt /etc/ssl/certs/certificate.pem
    mode https
    option httpclose
    option forwardfor

    acl localACL hdr_dom(host) -i localhost
    use_backend localBackend if localACL
    default_backend defaultBackendServer

backend defaultBackendServer
    mode http
    balance source
    server SRV-WEB-1 192.168.2.13:80 check
    server SRV-WEB-2 192.168.2.14:80 check

backend localBackend
    mode http
    balance source
    acl no_redir url_beg /new/new
    reqirep ^([^\ :]*)\ /(.*) \1\ /new/new\2 if !no_redir
    server SRV-WEB-1 192.168.2.13:80 check
    server SRV-WEB-2 192.168.2.14:80 check


#2

HTTP is port 443, not 21. Also, it’s “mode http”, there is no “mode https” even though you are terminating ssl.

I assume this configuration is completely invalid, and haproxy rejects it. You will see in what line the configuration error is, when starting haproxy.


#3

Yes, the configuration was totally invalid.

Now I have this error message: unable to load SSL private key from
First of all, I can’t see the link, but the link that I provided from the pem file is correct.

And I don’t know if it’s because my private key has the passphrase? And if that’s it, what can I do?


#4

Are you sure the pem file contains both the certificate and the key in that sequence?

Like:
cat cert.pem key.pem > certificate.pem


#5

Yes, I had put it!
The used command was:
cat public.crt >> certificate.pem
cat private.key >> certificate.pem
cat intermediate.crt >> certificate.pem

I don’t know if it is good.


#6

Only if certificate.pem was guaranteed to be empty before these commands.

That’s why you don’t do it your way, but:
cat public.crt private.key intermediate.crt >certificate.pem


#7

Thanks
Ok!

I have changed the order to public, intermediate and private.
HAProxy seems to recognize it.

I have the following instruction in the error log: Enter PEM pass phrase:
I don’t know how to enter it.


#8

Don’t use an encrypted private key, if you want haproxy to start on its own.


#9

It’s OK!
It’s working.
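
Added example (not part of the thread and not HAProxy project code): a shell pre-flight check for the combined PEM file discussed in replies #4 to #8. It flags a missing certificate or key, a passphrase-protected key, and leftover blocks from appending with >> to a non-empty file. The function name and return codes are assumptions of this example, and the file-permission check goes one step beyond what the thread covers.

```shell
#!/bin/sh
# Added example: pre-flight check for a combined PEM file (hypothetical helper).
# Return codes are this example's own convention:
#   0 ok | 1 unreadable | 2 no certificate | 3 no private key
#   4 private key is passphrase-protected | 5 more than one private key
#   6 file accessible by group or others
check_haproxy_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # Count PEM blocks by their BEGIN markers.
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    keys=$(grep -c -E -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" || true)

    [ "$certs" -ge 1 ] || { echo "no certificate block" >&2; return 2; }
    [ "$keys" -ge 1 ] || { echo "no private key block" >&2; return 3; }

    # PKCS#8 encrypted keys have their own marker; legacy PEM keys carry
    # a "Proc-Type: 4,ENCRYPTED" header inside the key block.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "private key is encrypted: startup would stop at a pass phrase prompt" >&2
        return 4
    fi

    # Appending with >> to a non-empty file leaves stale blocks behind.
    [ "$keys" -eq 1 ] || { echo "$keys private keys found (stale append?)" >&2; return 5; }

    # An unencrypted key should be accessible to its owner only.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open: chmod 600 $pem" >&2; return 6; }

    echo "ok: $certs certificate(s), 1 unencrypted private key"
    return 0
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_haproxy_pem "$1"
fi
```

The check only inspects PEM markers and file mode; it does not verify that the private key belongs to the certificate.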