Apache handeling SSL requests and passing them through to HAproxy

Discussion in 'Installation/Configuration' started by gamboni, Mar 20, 2009.

  1. gamboni

    gamboni New Member


    I am trying to set up a Haproxy/Apache front end, serving requests to a number of Apache back end servers. The goal is to have Haproxy handle all http requests and since Haproxy can't handle SSL I want Apache to handle the SSL and pass them along to Haproxy. Then Haproxy should do all the reverse proxying for the rest of the back end Apache servers.

    So far I have only been able to set this up successfully for http requests handles by Haproxy but unsuccessful in getting this to work with Apache.

    Has anyone done this successfully? If yes can you provide examples of the Apache and Haproxy config please?
  2. falko

    falko Super Moderator ISPConfig Developer

    You can try to do this with Apache's reverse proxy feature.
  3. gamboni

    gamboni New Member

    Can you provide some examples as far as code for how this done please?
  4. falko

    falko Super Moderator ISPConfig Developer

  5. wxman

    wxman New Member

    I know this is an aging post, but I'm running into the same question. I have HAProxy/heartbeat on one virtual node, and my web server on another. Then the whole thing is duplicated on a second machine. I need to run SSL on a few of my web sites, and I'm using ISPConfig 3. My question is, what to do with ISPConfig? Do you install it on both nodes? If it's installed on the web server node, like it is now, how does it handle the certificate installations? Do you have to install the certificates on both nodes? As you can see, I'm a bit confused.
  6. jbimmerle

    jbimmerle New Member

    Anyone have any ideas on what would be done in this scenario? I too am curious as I have a similar setup in mind.

    Also -- is it confirmed that HAProxy doesn't work with SSL? If it does, would the SSL certificates need to be installed on the load balancers (I plan to have two) or on the webservers? Since the virtual IPs are pointed to the load balancers, I would assume the certificates needed to be on those servers since they are tied to specific IP addresses? Or am I way off base?


Share This Page