Help

Wed, 07 Jul 2021 05:46:27 -0700 

Hi there.

Can I get some help from you.

I'm configuring HAProxy as a frontend on HTTPS with centified and I want 
clients to be redirect to BACKEND on HTTPS as well (443) but I want clients to 
see only HAProxy certificate, as the backend one is not valid.

Bellow the schematic of my design:

[cid:[email protected]]


So, on

This is the configuration file I'm using:


                [frontend haproxy     mode http     bind *:80     bind *:443 
ssl crt /etc/ssl/cvt.cv/accounts_cvt.pem     default_backend wso2    backend 
wso2     mode http     option forwardfor     redirect scheme https if !{ ssl_fc 
}     server my-api 10.16.18.128:443 check ssl verify none     http-request 
set-header X-Forwarded-Port %[dst_port]     http-request add-header 
X-Forwarded-Proto https if { ssl_fc }]
        [frontend web_accounts      mode tcp      bind 192.168.1.214:443      
default_backend accounts_servers    frontend web_apimanager      mode tcp      
bind 192.168.1.215:443      default_backend apimanager_servers    backend 
accounts_servers      balance roundrobin      server  accounts1 
10.16.18.128:443 check      server  accounts2 10.16.18.128:443 check    backend 
apimanager_servers      balance roundrobin      server  accounts1 
10.16.18.128:443 check      server  accounts2 10.16.18.128:443 check]



























The first one is what works but we got SSL problems due to invalid certificates 
on Backend;

The second one is what we would like, but does not work and says some erros:
[ALERT] 187/114337 (7823) : parsing [/etc/haproxy/haproxy.cfg:85] : 'bind 
*:443' : unable to load SSL private key from PEM file 
'/etc/ssl/cvt.cv/accounts_cvt.pem'.
[ALERT] 187/114337 (7823) : Error(s) found in configuration file : 
/etc/haproxy/haproxy.cfg
[ALERT] 187/114337 (7823) : Proxy 'haproxy': no SSL certificate specified for 
bind '*:443' at [/etc/haproxy/haproxy.cfg:85] (use 'crt').
[ALERT] 187/114337 (7823) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.


This is on CentOS 6

Thank you




Melhores Cumprimentos

Anilton Fernandes | Plataformas, Sistemas e Infraestruturas
Cabo Verde Telecom, SA
Group Cabo Verde Telecom
Rua Cabo Verde Telecom, 1, Edificio CVT
198, Praia, Santiago, República de Cabo Verde
Phone: +238 3503934 | Mobile: +238 9589123 | Email - 
[email protected]<mailto:[email protected]>

[cid:[email protected]]

Attachment: image003.emz
Description: image003.emz

Attachment: oledata.mso
Description: oledata.mso

Attachment: image007.emz
Description: image007.emz

Attachment: image008.emz
Description: image008.emz

Reply via email to