We have a couple of HTTP sites running behind a load balancer (with failover capability using heartbeat) and one HTTPS site. Everything is running fine, but now I want to add another HTTPS site. I couldn't find any references for hosting multiple HTTPS sites.
Has anyone hosted multiple HTTPS sites using HAProxy? Can you please tell me how I can achieve this? Please help me with your inputs.
Thanks,
Santhosh
When HAProxy Enterprise is used as a reverse proxy in front of your backend servers, a frontend section defines the IP addresses and ports that clients can connect to. You may add as many frontend sections as needed to expose various websites or applications to the internet.
In HAProxy, you can add more servers to handle more concurrent connections. In this example, HAProxy allows 30 active connections per server. If all of the servers are maxed out, connections queue up, waiting for an available server.
HAProxy Enterprise supports HTTP/2 over: unencrypted HTTP (known as h2c); encrypted HTTPS when OpenSSL 1.0.2 or newer is available on the server.
So basically, because HAProxy is not a forward proxy, it will not actually…it will, by default, just pass my request like it is now, like with all that big path that we want. So, we will change the request and will make it look like it's actually a request meant for the backend that we want to address.
And HAProxy will redirect requests to your server (site-box) via HTTP. You can distinguish between requests coming for your 2 different HTTPS websites by parsing your URI, after SSL offloading at HAProxy.
If you want to use HTTP and HTTPS without using SSL termination on the HAProxy host that’s possible too and what we’ll explore here. One host with HAProxy, with all TCP traffic on ports 80 and 443 being routed to it. Multiple backend services on your private network.
In the following example, the HAProxy configuration file is set to listen for HTTP traffic on port 80 and HTTPS traffic on port 443: It’s common to listen for both types of traffic and then forward all HTTP requests to HTTPS, as you’ll see in the next section.
You have to write rules to pick the backend either based on the frontend (IP address), Host header or TLS SNI ("Server Name Indicator"). What's best depends on your application really. If you need support for clients that don't support SNI (really old), then they won't get real TLS and you have to pick the backend based on the Host header.
Since I wrote the answer below haproxy has added ssl as a new feature. I use it on https://manage.ntppool.org/ and it's working nicely. You need the latest 1.5 development release (or 1.6 if that's out by the time you read this).
In HAProxy 1.8 http/2 is supported, too.
In 2012 the answer was:
HAProxy itself doesn't support SSL, you have to run an "SSL unwrapper" in front. Popular options are stunnel and stud. For HTTP you can also use Apache or Nginx.
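The two routing approaches described above (picking the backend by Host header after TLS termination, or by SNI without terminating TLS) written out as one HAProxy configuration. This is an added example, not taken from the original answers; it assumes HAProxy 1.8 or later built with OpenSSL, and every address, hostname, certificate path and backend name in it is constructed.

```haproxy
# Added example; IPs, hostnames, cert paths and backend names are constructed.
global
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Option 1: terminate TLS on HAProxy, several HTTPS sites on one address.
frontend fe_http
    bind 203.0.113.10:80
    http-request redirect scheme https code 301

frontend fe_https
    # Every PEM (certificate + key) in the directory is loaded and the
    # client's SNI selects which one is presented. strict-sni refuses
    # handshakes whose SNI matches no loaded certificate; remove it if
    # clients without SNI must still be served a default certificate.
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/ strict-sni
    # Route on the Host header once the request is decrypted.
    use_backend be_site1 if { hdr(host) -i site1.example.com }
    use_backend be_site2 if { hdr(host) -i site2.example.com }
    # No default_backend: an unknown Host gets a 503 instead of a site.

backend be_site1
    server s1a 10.0.0.11:8080 check maxconn 30
    server s1b 10.0.0.12:8080 check maxconn 30

backend be_site2
    server s2a 10.0.0.21:8080 check maxconn 30

# Option 2: no termination. TLS is passed through untouched and the
# backend is chosen from the SNI field of the ClientHello.
frontend fe_tls_passthrough
    mode tcp
    bind 203.0.113.11:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_site3_tls if { req.ssl_sni -i site3.example.com }

backend be_site3_tls
    mode tcp
    server s3a 10.0.0.31:443 check
```

With option 1 the private keys live on the HAProxy host and traffic to the backends is plain HTTP, so the backend network has to be trusted; with option 2 the keys stay on the backend servers but HAProxy cannot inspect or route on anything beyond the SNI.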