Trying to install SSL Cert for use with HAPROXY. No luck

@caw001 wrote:

Hello,

I am trying to configure HAPROXY with a SSL Cert for our load balanced web servers. However whenever I try to restart my service, I keep getting a service failure. If I comment out the lines for the cert stuff and just do a simple http setup it works fine. Below is my config. All suggestions are welcome. Thank you for the help.

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
option http-server-close
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend http_front
bind 10.1.1.33:80
stats uri /haproxy?stats
default_backend http_nextcloud

frontend www-https-public THESE DO NOT WORK
bind 192.168.1.1:443 ssl crt /etc/ssl/private/star.certhere.com.pem
mode https
reqadd X-Forwarded-Proto:\ https
default_backend http_nextcloud

frontend www-https-private THESE DO NOT WORK
bind 10.1.1.33:443 ssl crt /etc/ssl/private/star.certhere.com.pem
mode https
reqadd X-Forwarded-Proto:\ https
default_backend http_nextcloud

#Define Host Header values
acl host_nextcloud hdr(host) -i testbox.box.com

figure out which backed to use

use_backend http_nextcloud if host_nextcloud

backend http_nextcloud
balance roundrobin
cookie JSESSIONID prefix nocache
redirect scheme https if !{ ssl_fc }
server webws1 10.1.1.217:80 check
server webws2 10.1.1.224:80 check

Posts: 1

Participants: 1

Read full topic

Trying to install SSL Cert for use with HAPROXY. No luck

figure out which backed to use

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112