haproxy: ssl backends
Published: 10-12-2013 | Author: Remy van Elst | Text only version of this article
Table of Contents
This snippets shows you how to add an ssl backend to HAPROXY. You need haproxy1.5 or higher, 1.4 does not support ssl backends.
Note: this is not about adding ssl to a frontend. this allows you to use an sslenabled website as backend for haproxy.
The following config is required in a
backend example-backend balance roundrobin option httpchk GET /health_check server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none
The important parts are:
10.20.30.41:443 ssl verify none
You can also specify verify all. As expected, this will verify all certificates,however this will generate extra load. For this example setup the
verify noneis good enough.