HAProxy: Configuring multiple certificates

From www.yakakliker.org

Example configuration

frontend http
    bind *:80

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl 

    acl guacamole_acl hdr(host) guacamole.yakakliker.org
    use_backend backend3 if guacamole_acl


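frontend https
    # One "crt" argument per certificate; HAProxy picks the certificate that matches the SNI name sent by the client.
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem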

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl


backend backend1
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache


    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check


backend backend2
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.200:80 check
    server web-server2  192.168.2.200:80 check


backend backend3
    mode http
    balance source
    option httpchk GET /
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.150:80 maxconn 32

Testing the configuration

 haproxy -f /etc/haproxy/haproxy.cfg -c

Creating Let's Encrypt certificates for HAProxy

cat fullchain.pem privkey.pem > example.com.pem
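
The concatenation above, as an added example that is not part of the original page: a shell function that checks that the private key matches the certificate before writing the combined file with owner-only permissions. The function name `build_haproxy_pem` and the file names in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The function name and the
# file names in the usage line are assumptions.
# Builds the single PEM file that the "crt" keyword on the bind line loads.

build_haproxy_pem() {
    fullchain=$1; privkey=$2; out=$3

    # Public key of the first (leaf) certificate in the chain file.
    cert_pub=$(openssl x509 -in "$fullchain" -noout -pubkey) || {
        echo "cannot read a certificate from $fullchain" >&2; return 1; }
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$privkey" -pubout) || {
        echo "cannot read a private key from $privkey" >&2; return 1; }

    # HAProxy refuses to load a PEM file whose key does not match its certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600, so the key is never
    # world-readable, and mv swaps it into place in one step.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$fullchain" "$privkey" > "$tmp" && chmod 600 "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"; return 1
    fi
}

# Usage: sh build_pem.sh fullchain.pem privkey.pem example.com.pem
if [ "$#" -eq 3 ]; then
    build_haproxy_pem "$@"
fi
```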

Links

https://docs.haproxy.org/

https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1

https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file

