This page explains the Installation Of SSL in haproxy. Haproxy is the most widely used software load balancer available at present.
To install an SSL certificate in HAProxy, you can follow these steps:
- Login to the server and check haproxy configuration is valid or not.
haproxy -c -V -f /etc/haproxy/haproxy.cfg
(If it is a fresh installation, we must create a new .pem file).
- Make a file named <www.example.com.pem> using vi or any other text editor inside the /etc/haproxy/ssl directory.
vi /etc/haproxy/ssl/www.example.com.pem
or
touch /etc/haproxy/ssl/www.example.com.pem
(If it is a renewal, backup the existing .pem file).
- Download zip file containing crt, and other files from SSL Certificate Provider.
- Copy the files into Notepad.
- Go to the /etc/haproxy/ssl/ directory.
cd /etc/haproxy/ssl/
Populate the file “www.example.com.pem” file with the contents of downloaded certificate files in the following order;
- private key
- file with domain name
- The other two files
cat > www.example.com.pem
“cat > file” command redirects the standard input to a file. It allows you to create or overwrite the content of a file. To use it correctly, follow these steps:
Type the command cat > www.example.com.pem and press Enter. The terminal will be waiting for input. You can start typing or pasting the content of the file. Once you have entered the desired content, press Ctrl + D to save.
Recheck the configuration file.
haproxy -c -V -f /etc/haproxy/haproxy.cfg
- Restart haproxy.
systemctl restart haproxy
Configure HAProxy to Redirect HTTP to HTTPS
To secure your website via HTTPS, you must enable HAProxy to redirect all HTTP traffic to HTTPS. If a user tries to access it over HTTP (port 80), HAproxy can do HTTP to HTTPS redirection by adding the following lines to the configuration:
To set up HTTP to HTTPS redirection in HAProxy, you can follow these steps:
- Edit the HAProxy configuration file.
http-request redirect scheme https code 301 if { hdr(host) -i example.com } !{ ssl_fc } http-request redirect scheme https code 301 if { hdr(host) -i www.example.com } !{ ssl_fc }
- Restart haproxy using the following command.
systemctl restart haproxy
Thus, you have learned the Installation Of SSL in Haproxy. We will add further kbs related to haproxy in future.