Hi,
I’m trying to set up an HTTPS/SSL frontend but HAProxy won’t start whenever I add in the ‘bind *:443 ssl crt /opt/certs/self.pem’ line. I’m not sure if there is something wrong with my config or if HAProxy doesn’t like the certificate. In saying that, I can’t see any certificate-related errors in the log.
Version
HA-Proxy version 1.8.4-1deb90d 2018/02/08
Copyright 2000-2018 Willy Tarreau <willy@haproxy.org>
Config
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http_front
    mode http
    bind *:80
    default_backend http_back

backend http_back
    balance roundrobin
    option httpchk GET /index.html
    http-check expect string WEB
    server web1 web1.domain.com:80 check
    server web2 web2.domain.com:80 check

listen stats
    bind :1234
    mode http
    stats enable
    stats hide-version
    stats uri /

frontend ssl_front
    bind *:443 ssl crt /opt/certs/self.pem
    default_backend ssl_back

backend ssl_back
    balance roundrobin
    server web1 web1.domain.com:443 check
    server web2 web2.domain.com:443 check
Certificate
I used known working certs and then tested by creating my own self-signed one, but I always get the same result. Below is how I created the PEM file.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/certs/self.key -out /opt/certs/self.crt
cat self.crt self.key > self.pem
Logs
The logs aren’t very helpful.
Mar 31 20:01:23 centos4 haproxy: [ALERT] 089/200123 (39723) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
Mar 31 20:01:23 centos4 haproxy: [ALERT] 089/200123 (39723) : Fatal errors found in configuration.
Mar 31 20:01:23 centos4 haproxy: Errors found in configuration file, check it with 'haproxy check'.
Mar 31 20:01:23 centos4 systemd: haproxy.service: control process exited, code=exited status=1
haproxy -dV -f haproxy.cfg
[ALERT] 089/200256 (39900) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 089/200256 (39900) : Fatal errors found in configuration.
Thanks for any help.
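
Added example, not part of the original post: a shell check that a combined PEM of the kind built above with `cat self.crt self.key > self.pem` actually contains a certificate and the private key that matches it, which helps separate a certificate problem from a configuration problem. The function name `check_pem` and its return codes are hypothetical; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post or from HAProxy).
# check_pem FILE
#   0  FILE holds a certificate and its matching private key
#   2  FILE missing or unreadable
#   3  no certificate block
#   4  no private key block
#   5  openssl could not parse the certificate or the key
#   6  certificate and private key do not belong together
check_pem() {
    pem=$1

    [ -r "$pem" ] || { echo "unreadable: $pem" >&2; return 2; }

    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" \
        || { echo "no certificate block in $pem" >&2; return 3; }

    # Matches "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" \
        || { echo "no private key block in $pem" >&2; return 4; }

    # Public key as stated in the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) \
        || { echo "cannot parse certificate" >&2; return 5; }

    # Public key derived from the private key. The empty passphrase makes an
    # encrypted key fail here instead of waiting for input on a terminal.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) \
        || { echo "cannot parse private key" >&2; return 5; }

    # Both are PEM-encoded SubjectPublicKeyInfo, so a string compare is enough.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 6
    fi

    return 0
}
```

Call it as `check_pem /opt/certs/self.pem`. If it returns 0, running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the configuration itself without starting the service.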