Question about haproxy with SSL

Discussion in 'HOWTO-Related Questions' started by wxman, Nov 28, 2009.

  1. wxman

    wxman New Member

    I thought I've read all the articles here about setting up HAProxy as a load balancer with two back end apache servers. My problem is several of our sites have SSL's, and I thought I understood that HAProxy would not works without modifications.

    I just read another article on this at http://blog.loadbalancer.org/transp...ing-pound-to-haproxy-backend-patch-and-howto/. The author claims his setup works fine with SSL's as is. I was wondering if anyone here had any opinions on if this would actually work. 'm just trying to find a way to get two apache web servers, running on Linux/Xen machines, with SSL sites, to work behind a load balancer.
     
  2. Hi, HAProxy can work natively with HTTPS sites when it is in TCP mode, just pass through all the 443 traffic (job done). If you need persistence to use src ip stick table method. OR you can use stunnel OR Pound to terminate the HTTPS then forward to HAProxy as HTTP and use HAProxy in full http mode where you can insert cookies......
    You can even make the whole thing transparent but that gets a bit tricky :). Just Google for HAProxy & TProxy...
     
  3. witoszek

    witoszek New Member

    Ssl

    Hello

    Sorry but i can not see where can i do a new post with thes theme.

    Now i will describe i've got a gateway with shorewall with nat and dnat.It's work great becouse i'v got some webpage www.awiyem.com etc...
    My configuration is modem adsl ---- Shorewall ---- server.
    Now , the problem is i need virutal ip in server and open ports for each vip's.
    With shorewall can not do it becouse i've do NAT.How can i do it now? Im studying with squid but the problem is SSL port and im not sure.
    I think if ineed to do bridge from my conection pppoe to eth1 but i thinks that is not possibel.

    My wan is PPP0 and my LAN is eth1.

    Thanks
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Please open a new thread.
     

Share This Page