Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Getting error as unknown keyword ssl in haproxy configuration file

Tags:

ssl

haproxy

This is my haproxy.cfg file

global
    daemon
    maxconn 256

defaults
    mode tcp
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms


frontend ft_ssltests
        mode tcp
        bind *:443 ssl crt /etc/haproxy/sslkeys/host.crt ca-file /etc/haproxy/sslkeys/host.pem
        default_backend webmail


backend webmail
        balance roundrobin
        server server1 10.198.2.76:50000 maxconn 32 check
        server server2 10.198.2.76:60000 maxconn 32 check

After restarting above config file I am getting error as shown below

service haproxy restart
[ALERT] 023/230240 (4375) : parsing [/etc/haproxy/haproxy.cfg:14] : 'bind *:443' unknown keyword 'ssl'. Registered keywords :
    [ TCP] defer-accept
    [ TCP] interface <arg>
    [ TCP] mss <arg>
    [ TCP] transparent
    [ TCP] v4v6
    [ TCP] v6only
    [STAT] level <arg>
    [UNIX] gid <arg>
    [UNIX] group <arg>
    [UNIX] mode <arg>
    [UNIX] uid <arg>
    [UNIX] user <arg>
    [ ALL] accept-proxy
    [ ALL] backlog <arg>
    [ ALL] id <arg>
    [ ALL] maxconn <arg>
    [ ALL] name <arg>
    [ ALL] nice <arg>
    [ ALL] process <arg>
[ALERT] 023/230240 (4375) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 023/230240 (4375) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.

Please help me to find the solution...

like image 453
Jagadeesh Avatar asked Dec 01 '22 16:12

Jagadeesh

2 Answers

haproxy supports SSL starting with version 1.5.
Check which version you are running and if SSL support has been compiled. Type : 

$ haproxy -vv
HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
[...]

to check these two mandatory things.

like image 103
iga Avatar answered Dec 06 '22 03:12

iga

Install haproxy by below command with ssl switch:

make -j 4 TARGET=linux2628 USE_NS=1 USE_TFO=1 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib

like image 29
Hamid Reza Sharifi Avatar answered Dec 06 '22 03:12

Hamid Reza Sharifi
Sign in to Comment

Related questions

Comparison of SSL Certificates [closed]
whatsapp sniffing ssl traffic with wireshark
Convert JKS file to BKS or create BKS file
How is a private key encrypted in a pem certificate?
Use SSL with MAMP PRO 4
How to know using Django if server is secure (uses https)
Verifying the SSL certificate on iOS
How to use Digitalocean Spaces Subdomain with CloudFlare FREE SSL?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!