SSL Configuration in HAProxy.

Written by Anil kumar Sahoo Fullstack developer.

In this article, we will learn about how to configure SSL in HAProxy Load balancer. So that all HTTPS and HTTP Request comes to HAproxy load balancer then redirects to the HTTP backend server.

Here I am using ZeroSSL certificate you can use any other SSL certificate provider (Godaddy, comodo any other ) the process remains the same.

As shown in above Figure all HTTPS/HTTP request comes to HAproxy and Haproxy terminate all (both HTTPS/HTTP request ) request to HTTP.

To install SSL certificate to HAproxy, we need to have the below files.

1. ca_bundle.crt
2. certificate.crt
3. private.key

you need to merge all 3 files into a single .pem file. The sequences of the file should be certificate.crt then ca_bundle.crt then private.key file and save the file name as “your-domain-name.pem”.

-----BEGIN CERTIFICATE-----
certificate.crt file content
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
ca_bundle.crt file content
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
private.key file content
-----END RSA PRIVATE KEY-----

Once you create the final “pem” file then move the “your-domain-name.pem” file to your server where HAproxy has been installed.

I assume that you have already installed Haproxy in your server. If not then please follow my Article Installation and configuration of HAproxy.

HAProxy Configuration

Now you have to modify the HAProxy’s configuration file which is located at /etc/haproxy/haproxy.cfg on your server.

Then you need to add a “frontend” to handle incoming HTTPS connections

frontend your-domain-name 
     bind *:80
     bind *:443 ssl crt /etc/ssl/haproxyssl/your-domain-name.pem
     mode http
     default_backend web_server

That's all! Now restart the HAproxy service.

service haproxy start

Now you can access your HAproxy as https.