I've got a Windows server, running IIS and SQL. I want to create a duplicate of that, and put an HAProxy in front of them.
However, I've got a few problems understanding the whole concept. When creating duplicate servers, and I have several domains set up in IIS with Let's Encrypt, I should then do that on both servers, so the two servers are an exact copy of each other, and then HAProxy will just do all the load balancing when I switch the IP in the DNS for my domains to the IP of the HAProxy?
So HAProxy doesn't do anything but redirect the traffic to the IP of server1 or server2. No need to set up certificates for Let's Encrypt on the HAProxy?
You’re absolutely right.
Your 2 servers must be identical, so find a way to replicate the certificate between both of them and load-balance port 443 in plain TCP mode in HAProxy.
Another method is to move the SSL processing into HAProxy and do Let’s Encrypt in there. Note that this might be slightly more complicated than in IIS.
The advantage is that you don’t have the overhead of synchronizing certs on your servers.
Your app may not be compatible with SSL offloading (SSL done by a device in front of your webserver), but a few workarounds could be done, and one of them would be to reconnect over SSL to the server, but using a cert issued by your internal CA.
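
The two approaches from the answer above, sketched as an HAProxy configuration. This is an added example, not configuration from either poster. The backend addresses (192.0.2.x), section names and file paths are constructed placeholders.

```haproxy
# Pick ONE option: both frontends bind port 443, so only one may be enabled.

defaults
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# --- Option A: plain TCP passthrough ---------------------------------------
# HAProxy never sees the plaintext and needs no certificate. IIS terminates
# TLS, so both servers must hold the same Let's Encrypt certificates.
frontend fe_tls_passthrough
    mode tcp
    option tcplog
    bind :443
    default_backend be_iis_tcp

backend be_iis_tcp
    mode tcp
    balance roundrobin
    server server1 192.0.2.11:443 check
    server server2 192.0.2.12:443 check

# --- Option B: TLS terminated in HAProxy, re-encrypted to IIS --------------
# The public certificates live only on HAProxy (one PEM per domain in the
# directory below). The hop to IIS is encrypted again and each server's
# certificate is verified against the internal CA.
frontend fe_tls_offload
    mode http
    option httplog
    bind :443 ssl crt /etc/haproxy/certs/
    http-request set-header X-Forwarded-Proto https
    default_backend be_iis_tls

backend be_iis_tls
    mode http
    balance roundrobin
    option forwardfor
    # "verify required" rejects a backend whose certificate does not chain
    # to the internal CA; "sni" forwards the requested host name so IIS can
    # select the matching site binding.
    server server1 192.0.2.11:443 ssl verify required ca-file /etc/haproxy/internal-ca.pem sni ssl_fc_sni check
    server server2 192.0.2.12:443 ssl verify required ca-file /etc/haproxy/internal-ca.pem sni ssl_fc_sni check
```

With Option A the servers see HAProxy's address as the client IP unless the PROXY protocol is used end to end. With Option B the original client address arrives in the `X-Forwarded-For` header.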