Ok, So now i have a working solution: crt /clouds/default crt /clouds
HOWEVER i dont suceed in using crt-list which i would prefer as it is more explicit: So i think i'm not using the right syntax to give something on a newline. bind *:443 ssl crt /etc/ssl/cloud/certs/ovh-r5-2.this-company.net.crt crt-list /etc/ssl/cloud/certs/prod-foosql.this-company.net.crt crt-list /etc/ssl/cloud/certs/foosql.this-company.net.crt crt-list /etc/ssl/cloud/certs/prod-somethelse.this-company.net.crt crt-list /etc/ssl/cloud/certs/someth-else.be.crt crt-list /etc/ssl/cloud/certs/someth-else.com.crt crt-list /etc/ssl/cloud/certs/someth-else.eu.crt crt-list /etc/ssl/cloud/certs/someth-else.fr.crt crt-list /etc/ssl/cloud/certs/someth-else.mobi.crt crt-list /etc/ssl/cloud/certs/someth-else.net.crt crt-list /etc/ssl/cloud/certs/someth-else.org.crt crt-list /etc/ssl/cloud/certs/somethelse.be.crt crt-list /etc/ssl/cloud/certs/somethelse.com.crt crt-list /etc/ssl/cloud/certs/somethelse.eu.crt crt-list /etc/ssl/cloud/certs/somethelse.fr.crt crt-list /etc/ssl/cloud/certs/somethelse.mobi.crt crt-list /etc/ssl/cloud/certs/somethelse.net.crt crt-list /etc/ssl/cloud/certs/somethelse.org.crt crt-list /etc/ssl/cloud/certs/e-nnn.somethelse.net.crt crt-list /etc/ssl/cloud/certs/too-mobile.somethelse.net.crt crt-list /etc/ssl/cloud/certs/www.someth-else.be.crt crt-list /etc/ssl/cloud/certs/www.someth-else.com.crt crt-list /etc/ssl/cloud/certs/www.someth-else.eu.crt crt-list /etc/ssl/cloud/certs/www.someth-else.fr.crt crt-list /etc/ssl/cloud/certs/www.someth-else.mobi.crt crt-list /etc/ssl/cloud/certs/www.someth-else.org.crt crt-list /etc/ssl/cloud/certs/www.somethelse.be.crt crt-list /etc/ssl/cloud/certs/www.somethelse.com.crt crt-list /etc/ssl/cloud/certs/www.somethelse.eu.crt crt-list /etc/ssl/cloud/certs/www.somethelse.fr.crt crt-list /etc/ssl/cloud/certs/www.somethelse.mobi.crt crt-list /etc/ssl/cloud/certs/www.somethelse.net.crt crt-list /etc/ssl/cloud/certs/www.somethelse.org.crt crt-list /etc/ssl/cloud/certs/www2.somethelse.com.crt crt-list /etc/ssl/cloud/certs/www2.somethelse.eu.crt crt-list /etc/ssl/cloud/certs/www2.somethelse.fr.crt crt-list /etc/ssl/cloud/certs/www2.somethelse.net.crt crt-list /etc/ssl/cloud/certs/www2.somethelse.org.crt crt-list /etc/ssl/cloud/certs/prod-c.this-company.net.crt crt-list /etc/ssl/cloud/certs/c.this-company.net.crt Gives: [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:182] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:183] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:184] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:185] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:186] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:187] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:188] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:189] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:190] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:191] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:192] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:193] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:194] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:195] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:196] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:197] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:198] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:199] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:200] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:201] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:202] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:203] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:204] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:205] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:206] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:207] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:208] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:209] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:210] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:211] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:212] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:213] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:214] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:215] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:216] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:217] : unknown keyword 'crt-list' in 'frontend' section [ALERT] 163/102836 (4640) : parsing [/etc/haproxy/extra/cloudcontroller.cfg:218] : unknown keyword 'crt-list' in 'frontend' section On 13/06/2014 10:12, Nicolas Zedde wrote: > Hi, > > You should use the crt-list option in your bind line, and use a file listing > your certificates (one per line) > > Example : > bind *:443 ssl crt-list /etc/haproxy/certificates > > Regards, > > Nicolas. > >> Hi we use here a generator for haproxy configs and this one generates >> amongst all https frontend using SNI to redirect to endspoints. >> Basically, we host lot of VMS and the host is NATing/redirecting every >> served domain to the underlying VM and when we use https. >> In other words, it terminates SSL on the haproxy front and we are using a >> certicate per VM. >> Technically, this was as simple as adding a crt <crt> for each vm... >> This setup worked fine and without a glitch for a time, but it's falling on >> one host as the generated bind line seems to be too long: -- Cordialement, KiOrKY GPG Key FingerPrint: 0x1A1194B7681112AF Pensez à l’environnement. N’imprimez ce courriel que si vous en avez vraiment besoin.
signature.asc
Description: OpenPGP digital signature