2018-12-12

[HAProxy] Haproxy termination vs passthrough

#A/ Termination
Client--(https)-->HAPROXY--(http)-->Backend
#Source: https://www.digitalocean.com/community/tutorials/how-to-implement-ssl-termination-with-haproxy-on-ubuntu-14-04


#B/ Passthrough
Client--(https)-->HAPROXY--(https)-->Backend
#Source: https://serverfault.com/questions/738045/haproxy-to-terminate-ssl-also-send-ssl-to-backend-server
frontend app1_ssl
    bind *:443 ssl crt /etc/haproxy/certs.d/example.com.crt crt /etc/haproxy/certs.d/ no-sslv3

    option http-server-close
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443

    # set HTTP Strict Transport Security (HTST) header
    rspadd  Strict-Transport-Security:\ max-age=15768000

    # some ACLs and URL rewrites...

    default_backend             backend_app1_ssl


backend backend_app1_ssl
    server mybackendserver 127.0.01:4433 ssl verify none
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)