Hi there…

Can I get another HELP:

This time, I want to receive a request and check the URL to know which backend 
should be called.

This is my config:

frontend web_accounts
    mode tcp
    bind 10.15.1.12:443
    default_backend accounts_servers

frontend web_apimanager
    mode tcp
    bind 10.15.1.13:443
    use_backend         apiservices     if       { path_beg /api/ }      # IF THERE’S API ON THE URL SEND TO APISERVICES
    use_backend         apimanager      unless   { path_beg /api }      # IF THERE’S NOT API, SEND IT TO APIMANAGER


backend accounts_servers
   mode tcp
   balance roundrobin
   server  accounts1 10.16.18.128:443 check

backend apimanager
   mode tcp
   balance roundrobin
   server  apimanager1 10.16.18.129:9445 check


backend apiservices
   mode tcp
   balance roundrobin
   server  apimanagerqa.cvt.cv 10.16.18.129:8245 check


Thank you

From: Emerson Gomes [mailto:emerson.go...@gmail.com]
Sent: July 7, 2021 12:34
To: Anilton Silva Fernandes <anilton.fernan...@cvt.cv>
Cc: haproxy@formilux.org
Subject: Re: Help

Hello Anilton,

In the "bind *:443" line, do not specify a PEM file directly, but only the 
directory where your PEM file(s) resides.
Also, make sure that both the certificate and private key are contained within 
the same PEM file.

It should look like this:

-----BEGIN CERTIFICATE-----
   xxx
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
  xxx
-----END PRIVATE KEY-----

BR.,
Emerson

On Wed, Jul 7, 2021 at 14:47, Anilton Silva Fernandes 
<anilton.fernan...@cvt.cv> wrote:
Hi there.

Can I get some help from you.

I’m configuring HAProxy as a frontend on HTTPS with a certificate and I want 
clients to be redirected to the BACKEND on HTTPS as well (443), but I want clients to 
see only the HAProxy certificate, as the backend one is not valid.

Below is the schematic of my design:

[image: schematic]


So, on

This is the configuration file I’m using:



frontend haproxy
    mode http
    bind *:80
    bind *:443 ssl crt /etc/ssl/cvt.cv/accounts_cvt.pem
    default_backend wso2

backend wso2
    mode http
    option forwardfor
    redirect scheme https if !{ ssl_fc }
    server my-api 10.16.18.128:443 check ssl verify none
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }


frontend web_accounts
    mode tcp
    bind 192.168.1.214:443
    default_backend accounts_servers

frontend web_apimanager
    mode tcp
    bind 192.168.1.215:443
    default_backend apimanager_servers

backend accounts_servers
    balance roundrobin
    server  accounts1 10.16.18.128:443 check
    server  accounts2 10.16.18.128:443 check

backend apimanager_servers
    balance roundrobin
    server  accounts1 10.16.18.128:443 check
    server  accounts2 10.16.18.128:443 check

The first one is what works but we got SSL problems due to invalid certificates 
on Backend;

The second one is what we would like, but does not work and says some errors:
[ALERT] 187/114337 (7823) : parsing [/etc/haproxy/haproxy.cfg:85] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/ssl/cvt.cv/accounts_cvt.pem'.
[ALERT] 187/114337 (7823) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 187/114337 (7823) : Proxy 'haproxy': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:85] (use 'crt').
[ALERT] 187/114337 (7823) : Fatal errors found in configuration.
Errors in configuration file, check with haproxy check.


This is on CentOS 6

Thank you




Best regards

Anilton Fernandes | Plataformas, Sistemas e Infraestruturas
Cabo Verde Telecom, SA
Group Cabo Verde Telecom
Rua Cabo Verde Telecom, 1, Edificio CVT
198, Praia, Santiago, República de Cabo Verde
Phone: +238 3503934 | Mobile: +238 9589123 | Email – anilton.fernan...@cvt.cv
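
Emerson's reply above says the PEM file used for `crt` must hold both the certificate and the private key, which is what the "unable to load SSL private key" alert points at. The script below is an added example, not part of the thread or of HAProxy, that checks a file for that layout before a reload; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of a combined PEM file
# before pointing an HAProxy "crt" setting at it.

# count_blocks FILE LABEL_REGEX: print how many BEGIN/END pairs match the label.
count_blocks() {
    awk -v re="$2" '
        $0 ~ ("^-----BEGIN " re "-----[ \r]*$") { inb = 1; next }
        $0 ~ ("^-----END " re "-----[ \r]*$")   { if (inb) n++; inb = 0 }
        END { print n + 0 }' "$1"
}

# pem_check FILE: 0 = cert and key present, 1 = no key, 2 = no cert, 3 = unreadable.
pem_check() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 3; }
    certs=$(count_blocks "$1" 'CERTIFICATE')
    keys=$(count_blocks "$1" '((RSA|EC) )?PRIVATE KEY')
    [ "$certs" -ge 1 ] || { echo "no certificate block in $1"; return 2; }
    [ "$keys" -ge 1 ] || { echo "no private key block in $1"; return 1; }
    echo "ok: $certs certificate(s), $keys private key(s) in $1"
}

# world_readable FILE: 0 when "other" can read it; the file holds the private key.
world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }

# key_matches_cert FILE: 0 when certificate and key share a public key.
# Needs the openssl CLI and real key material (the samples below are placeholders).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_samples DIR: write constructed files with placeholder bodies, as in the reply.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'xxx' '-----END CERTIFICATE-----' \
        > "$1/cert_only.pem"
    { cat "$1/cert_only.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'xxx' '-----END PRIVATE KEY-----'
    } > "$1/combined.pem"
    chmod 644 "$1/cert_only.pem"; chmod 600 "$1/combined.pem"
}

# Demo on the constructed samples: the first passes, the second lacks a key.
d=$(mktemp -d) && make_samples "$d"
pem_check "$d/combined.pem" || true
pem_check "$d/cert_only.pem" || true
rm -rf "$d"
```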
