Haproxy : Reverse Proxy https
De www.yakakliker.org
Approche 1
Avec cette approche, la communication se fait en http avec le backend (serveur web de destination) et en http où https avec les clients.
Les certificats sont hébergés uniquement sur HAproxy
frontend yakakliker
bind *:80
mode http
option httplog
acl yaka_acl hdr(host) www.yakakliker.org
use_backend backend1 if yaka_acl
frontend yakakliker_443
bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem
mode http
option httplog
acl yaka_acl hdr(host) www.yakakliker.org
redirect scheme https code 301 if !{ ssl_fc }
use_backend backend1 if yaka_acl
backend backend1
mode http
balance source
option httpchk
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server web-server1 Adresse_IP:80 maxconn 32
Approche 2
frontend yakakliker
bind *:80
bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
mode http
option httplog
acl yaka_acl hdr(host) www.yakakliker.org
http-request redirect scheme https code 301 unless { ssl_fc }
use_backend backend1 if yaka_acl
backend backend1
balance roundrobin
mode http
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
option httpchk
http-check expect ! rstatus ^5
default-server inter 3s fall 3 rise 2
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server web-server1 192.168.1.100:80 check
server web-server2 192.168.2.100:80 check
Test de la configuration
haproxy -f /etc/haproxy/haproxy.cfg -c
Lien
https://wiki.maxcorp.org/configurer-un-reverse-proxy-avec-haproxy-http-https/
https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy#redirect-to-https
Haproxy : Unable to load SSL private key from PEM file
https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1
