• Contact
  • Contact Us
  • Disclamer
  • Home 1
  • Home 2
  • Home 3
  • Privacy Policy
Monday, July 14, 2025
How VPS - How to use/setup VPS
  • Login
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Operating System Linux

Add SSL Termination to HAProxy on Ubuntu 14.04

How VPS by How VPS
January 1, 2020
in Linux
0
0
SHARES
116
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Requirements
  2. Generate Certificate and Private Key
  3. Configure HAProxy
  4. Want to contribute?


This article will walk you through setting up SSL termination on HAProxy, for encrypting traffic over HTTPS. We will be using a self-signed SSL certificate for new frontend. It is assumed that you already have HAProxy installed and configured with a standard HTTP frontend.

Requirements

  • Vultr VPS
  • HAProxy 1.5
  • Ubuntu 14.04 LTS (Should work on other versions and distribution)

Generate Certificate and Private Key

Run the following lines of code to generate a private key and a self-signed certificate that will work with HAProxy.

openssl genrsa -out /etc/ssl/private/server.key 2048
mkdir /etc/ssl/csr
openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/csr/server.csr
openssl x509 -req -days 365 -in /etc/ssl/csr/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt
cat /etc/ssl/certs/server.crt /etc/ssl/private/server.key > /etc/ssl/certs/server.bundle.pem

Configure HAProxy

The first thing that you should do is to make sure that SSLv3 is disabled. Due to the POODLE attack, SSLv3 is no longer considered secure. All applications and servers should be using TLS 1.0 and above. Using your favorite text editor, open the file /etc/haproxy/haproxy.cfg. Inside, look for the line ssl-default-bind-options no-sslv3 under the global section. If you do not see it, add that line at the end of the section before the defaults section. This will ensure that SSLv3 is disabled globally. You can also set it inside your frontend sections, but it is recommended to disable it globally.

Onto the HTTPS setup. Create a new frontend section named web-https.

frontend web-https 
        bind public_ip:443 ssl crt /etc/ssl/certs/server.bundle.pem 
        reqadd X-Forwarded-Proto:/ https 
        rspadd Strict-Transport-Security:/ max-age=31536000 
        default_backend www-backend 

To explain:

  • bind public_ip:443 (change public_ip to your VPS public ip) tells HAProxy to listen to any request that is sent to the ip address on port 443 (the HTTPS port).
  • ssl crt /etc/ssl/certs/server.bundle.pem tells HAProxy to use the SSL certificate previously generated.
  • reqadd X-Forwarded-Proto:/ https adds the HTTPS header to the end of the incoming request.
  • rspadd Strict-Transport-Security:/ max-age=31536000 a security policy to prevent against downgrade attacks.

You do not need to make any additional changes to your backend section.

If you wish to have HAProxy use HTTPS by default, add redirect scheme https if !{ ssl_fc } to the beginning of the www-backend section. This will force HTTPS redirection.

Save your configuration and run service haproxy restart to restart HAPRoxy. Now you’re all set to use HAProxy with an SSL endpoint.

Want to contribute?

You could earn up to $300 by adding new articles

Submit your article
Suggest an update
Request an article
Previous Post

Deploy a Node.js Application Using Docker

Next Post

Installing Nginx on DirectAdmin

Next Post

Installing Nginx on DirectAdmin

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

Recent Post

Install Imagemagick on CentOS
CentOS

Install Imagemagick on CentOS

by How VPS
June 28, 2023
0

This is how I installed Imagemagick on a vanilla CentOS server Start off by installing the prerequisites yum install php-pear...

Read more
how to Check phpinfo

How to Check phpinfo of Hosting or VPS?

June 28, 2023
Failed to download metadata for repo 'appstream' on Centos 8

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

February 25, 2022
How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020

Recent News

  • Install Imagemagick on CentOS
  • How to Check phpinfo of Hosting or VPS?
  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

Category

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel
  • About
  • Advertise
  • Careers
  • Contact

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In