\
Go Back   RightScale Forums > Load Balancing > HAProxy

Reply
 
Thread Tools Display Modes
  #1  
Old 03-29-2012, 09:28 AM
vilhena vilhena is offline
Junior Member
Fog
 
Join Date: Mar 2012
Posts: 1
Default Configure haproxy to forward HTTP and SSL

Hello. I have a high availability load balancing solution (keepalived + haproxy) with two load balancers that forward HTTP requests to 2 web servers (managed with ISPConfig)

This is my haproxy conf file:
(I will not put here the global because I don't think that it's that important)

frontend http-in
bind *:80
default_backend ispcluster

backend ispcluster
#balance source
balance roundrobin
cookie JSESSIONID prefix
#option httpchk HEAD HTTP/1.0
server web1 ul-clr-srv01.my.domain:80 cookie A check
server web2 ul-clr-srv02.my.domain:80 cookie B check

I want that haproxy also could forward SSL requests. I read a lot of stuff, but I arrived at the moment that I really don't know what I have to do in order to get ssl forwarding.

Can someone give me a hand pleaaase?

Thanks.

Regards,
Ricardo Vilhena
Reply With Quote
  #2  
Old 04-01-2012, 09:37 PM
Chris Fordham - RightScale
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by vilhena View Post
Hello. I have a high availability load balancing solution (keepalived + haproxy) with two load balancers that forward HTTP requests to 2 web servers (managed with ISPConfig)

This is my haproxy conf file:
(I will not put here the global because I don't think that it's that important)

frontend http-in
bind *:80
default_backend ispcluster

backend ispcluster
#balance source
balance roundrobin
cookie JSESSIONID prefix
#option httpchk HEAD HTTP/1.0
server web1 ul-clr-srv01.my.domain:80 cookie A check
server web2 ul-clr-srv02.my.domain:80 cookie B check

I want that haproxy also could forward SSL requests. I read a lot of stuff, but I arrived at the moment that I really don't know what I have to do in order to get ssl forwarding.

Can someone give me a hand pleaaase?

Thanks.

Regards,
Ricardo Vilhena
You can forward all TCP packets by using the TCP mode with haproxy. This means that TLS/SSL termination is actioned by the backend LB pool servers themselves.
SSL/TLS is not on the same OSI layer as HTTP and thus, you will need to terminate and/or forward those requests with a HTTP 1.1 compliant server on the frontend as opposed to haproxy.
This is fine with RightScale provided ServerTemplates, but with your own implementation, your implementation is up to you.
Without TCP mode, keep in mind you'll need to use stunnel, see http://support.rightscale.com/06-FAQ..._set_up_SSL%3F
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 03:16 PM.