From 0dd22ce9baf0ed6a22bc9abca83606716516fd37 Mon Sep 17 00:00:00 2001 From: Nick Leffler Date: Sun, 25 Oct 2020 15:50:14 +0000 Subject: [PATCH] added ssl/LE support using NGiNX --- haproxy.cfg | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/haproxy.cfg b/haproxy.cfg index 9768809..5afa4c0 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -20,8 +20,11 @@ defaults option http-server-close #### Main fron end #### -frontend https_front +frontend main_front + bind *:80 bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1 +# http-request redirect scheme https unless { ssl_fc } + redirect scheme https code 301 if !{ ssl_fc } #### Stats Page #### stats uri /haproxy?stats @@ -37,15 +40,25 @@ frontend https_front acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein use_backend adminServerHTTP if url_is_wp_admin + #### LE cert #### + acl letsencrypt-acl path_beg /.well-known/acme-challenge/ + use_backend letsencrypt-backend if letsencrypt-acl + #### Configure Backends #### default_backend webserversHTTP #### Main Backend #### backend webserversHTTP balance roundrobin - server web02 10.108.0.5:80 check + server web01 10.108.0.2:80 check +# server web02 10.108.0.5:80 check #### Admin server #### backend adminServerHTTP balance roundrobin - server web02 10.108.0.5:80 check + server web01 10.108.0.2:80 check +# server web02 10.108.0.5:80 check + +#### LE Backend #### +backend letsencrypt-backend + server letsencrypt 127.0.0.1:8080