Skip to content

Instantly share code, notes, and snippets.

@patmandenver
Created September 14, 2016 21:06
Show Gist options
  • Save patmandenver/9e65c1f558fef5d515387e64764bae58 to your computer and use it in GitHub Desktop.
Save patmandenver/9e65c1f558fef5d515387e64764bae58 to your computer and use it in GitHub Desktop.
Final haproxy.cfg for letsencrypt
global
log 127.0.0.1 syslog
maxconn 1000
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 4096
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
option contstats
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
###########################################
#
# HAProxy Stats page
#
###########################################
listen stats
bind *:9090
mode http
maxconn 10
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth admin:admin
###########################################
#
# Front end for all
#
###########################################
frontend ALL
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/bar.test.10x13.com.pem crt /etc/haproxy/certs/foo.test.10x13.com.pem
mode http
# Define path for lets encrypt
acl is_letsencrypt path_beg -i /.well-known/acme-challenge/
use_backend letsencrypt if is_letsencrypt
# Define hosts
acl host_foo hdr(host) -i foo.test.10x13.com
acl host_bar hdr(host) -i bar.test.10x13.com
# Direct hosts to backend
use_backend foo if host_foo
use_backend bar if host_bar
# Redirect port 80 to 443
# But do not redirect letsencrypt since it checks port 80 and not 443
redirect scheme https code 301 if !{ ssl_fc } !is_letsencrypt
###########################################
#
# Back end letsencrypt
#
###########################################
backend letsencrypt
server letsencrypt 127.0.0.1:8888
###########################################
#
# Back end for foo
#
###########################################
backend foo
balance roundrobin
option httpchk GET /check
http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 192.168.0.10:8080 check
server server2 192.168.0.11:8080 check
###########################################
#
# Back end for bar
#
###########################################
backend bar
balance roundrobin
option httpchk GET /check
http-check expect rstring ^UP$
default-server inter 3s fall 3 rise 2
server server1 192.168.0.12:8080 check
server server2 192.168.0.13:8080 check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment