haproxy: ssl backends

10-12-2013 | Remy van Elst


Table of Contents


This snippets shows you how to add an ssl backend to HAPROXY. You need haproxy 1.5 or higher, 1.4 does not support ssl backends.

This snippet is tested on a Digital Ocean VPS. If you like this snippet and want to support me, use this link to order a Digital Ocean VPS: https://www.digitalocean.com/?refcode=7435ae6b8212

Note: this is not about adding ssl to a frontend. this allows you to use an ssl enabled website as backend for haproxy.

The following config is required in a backend section:

backend example-backend
  balance roundrobin
  option httpchk GET /health_check
  server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none
  server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none

The important parts are:

10.20.30.41:443 
ssl verify none

You can also specify verify all. As expected, this will verify all certificates, however this will generate extra load. For this example setup the verify none is good enough.

More Info: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#ssl%20%28Server%20and%20default-server%20options%29


Tags: apache, haproxy, loadbalancer, ssl,