Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

haproxy: ssl backends

Published: 10-12-2013 | Author: Remy van Elst | Text only version of this article


Table of Contents


This snippets shows you how to add an ssl backend to HAPROXY. You need haproxy1.5 or higher, 1.4 does not support ssl backends.

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

Note: this is not about adding ssl to a frontend. this allows you to use an sslenabled website as backend for haproxy.

The following config is required in a backend section:

backend example-backend  balance roundrobin  option httpchk GET /health_check  server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none  server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none

The important parts are:

10.20.30.41:443 ssl verify none

You can also specify verify all. As expected, this will verify all certificates,however this will generate extra load. For this example setup the verify noneis good enough.

More Info: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#ssl%20%28Server%20and%20default-server%20options%29

Tags: apache, haproxy, loadbalancer, snippets, ssl