Configure HA Proxy for Load Balancing with SSL Termination and SSL Pass-through

 

http://virtuallyhyper.com/2013/05/configure-haproxy-to-load-balance-sites-with-ssl/

 

frontend unsecured *:80 
mode http
redirect prefix
https://foo.bar.com
#--------------------------------------------------------------------- #
frontend secured
#---------------------------------------------------------------------
 frontend secured *:443
mode tcp
default_backend app
 #--------------------------------------------------------------------- # 
round robin balancing between the various backends
#--------------------------------------------------------------------- #
backend app 
mode tcp
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check

 

http://stackoverflow.com/questions/13227544/haproxy-redirecting-http-to-https-ssl

 

HAProxy SSL SNI Configuration

 

 

http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/

 

Adding SSL Cert

 

Create SSL Bundle in this order

certificate, intermediate, intermediate, key,


Should modify haproxy.cfg to look like this


 

# Single VIP with sni content switching
frontend ft_ssl_vip
bind 10.10.10.0:443 ssl crt /etc/ssl/certs/your.bundle.pem
mode tcp

 



Creds:

http://serverfault.com/questions/622206/haproxy-1-5-3-openssl-creating-pem