Don’t be deceived by the shorter configuration, only use an SSL/TLS Passthrough Proxy if you know exactly why you’re doing it this way! This configuration is most useful for load balancing, and HAProxy includes built in support for health checks, dynamically balancing only between hosts that are detected as up.
HAProxy has us define two configurations – a “Frontend” configuration and a “backend” configuration. The Frontend is the client-facing proxy, and the backend, intuitively are the servers you’re proxying to.
text
frontend localhost # Only bind on 80 if you also want to listen for connections on 80 bind *:80 bind *:443 option tcplog mode tcp default_backend nodes backend nodes mode tcp balance roundrobin option ssl-hello-chk # Add an entry for each of your backend servers and their resolvable hostnames server webserver1 10.0.0.7:443 check server webserver2 10.0.0.8:443 check server webserver1 10.0.0.9:443 check
If your needing to use an SSL Certificate trusted by your frontend users / visitors we highly recommend a GeoTrust SSL Certificate. They have their root certificates trusted in over 99% of all major browsers and devices. GeoTrust also have available some very popular wildcard certificates.
Discussions and Comments
Click here to view and join in on any discussions and comments on this article.