Hello,
I’m currently learning some new stuff like building a simple website using Hugo and encrypting it with a Let’s Encrypt certificate. Unfortunately Hugo doesn’t have native support for SSL so I quickly found solutions for this by using HAProxy as a reverse proxy.
I’ve since watched a bunch of videos, read various parts of the documentation and blog posts and some tutorials. It’s a very basic website and I’ve come up with the following configuration for my HAProxy.
Please note I’m running this inside a TrueNAS (FreeBSD) Jail using iocage. I had to change the logging configuration part to get that to work but I managed to find some useful resources for that.
I would like to have a sanity check on my configuration file. How does this look for a basic configuration as a reverse proxy with SSL termination? Should I change anything, or add additional must-have configuration options I might have missed?
I want to use this as a basis for hosting more sites in the future using ACLs.
- HAProxy version: HA-Proxy version 2.2.8
- Hugo version: Hugo Static Site Generator v0.80.0
- OpenSSL version: OpenSSL 1.1.1h
global
maxconn 1024
user root
group wheel
daemon
log /var/run/log local0 debug
ssl-default-bind-options ssl-min-ver TLSv1.2
defaults
log global
mode http
option httplog clf
option dontlognull
option logasap
option http-server-close
option forwardfor
timeout connect 10s
timeout client 30s
timeout server 30s
frontend hugo_http
mode http
log global
option httplog
bind *:80
http-request add-header X-Forwarded-Proto: http
redirect scheme https code 301 if !{ ssl_fc }
default_backend hugo
frontend hugo_https
log global
option httplog
bind *:443 ssl crt /usr/local/etc/letsencrypt/live/<domain>/haproxy.pem
http-request add-header X-Forwarded-Proto: https
default_backend hugo
backend hugo
log global
option httplog
mode http
balance roundrobin
server s1 127.0.0.1:1313
Thank you for your replies!
1 post - 1 participant