Raymii.org
Quis custodiet ipsos custodes?Home | About | All pages | Cluster Status | RSS Feed
haproxy: ssl backends
Published: 10-12-2013 | Author: Remy van Elst | Text only version of this article
❗ This post is over ten years old. It may no longer be up to date. Opinions may have changed.
This snippets shows you how to add an ssl backend to HAPROXY. You need haproxy 1.5 or higher, 1.4 does not support ssl backends.
Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:
I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!
Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.
You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.
Note: this is not about adding ssl to a frontend. this allows you to use an ssl enabled website as backend for haproxy.
The following config is required in a backend section:
backend example-backend
balance roundrobin
option httpchk GET /health_check
server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none
server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none
The important parts are:
10.20.30.41:443
ssl verify none
You can also specify verify all. As expected, this will verify all certificates,
however this will generate extra load. For this example setup the verify none
is good enough.