- Port 4000 is dedicated to browser traffic, using a certificate from a browser-trusted CA
- Port 5000 is dedicated to SSL client authentication of the various Foreman components via their puppet-ca certificates
- If HAProxy is running on a dedicated server, ports 443 (browser) and 4443 (Foreman components) can be used instead.
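global
    # Runs the HAProxy process as root
    user root
    group root

defaults
    log global
    mode http
    balance roundrobin
    # Timeouts are in milliseconds
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# Statistics page, protected by HTTP basic auth
listen stats
    bind *:9999
    stats enable
    stats uri /
    stats auth admin:password

# Browser traffic: TLS is terminated here with the browser-trusted certificate
frontend clients
    bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem
    option httpclose
    option forwardfor
    use_backend clients

# Foreman components: TLS is passed through untouched so the backend can
# authenticate the puppet-ca client certificates
frontend proxies
    bind *:5000
    option tcplog
    mode tcp
    default_backend proxies

backend clients
    balance roundrobin
    option httpchk GET /
    # "verify none" disables verification of the backend server certificate
    server web0-a localhost:443 check ssl verify none

backend proxies
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server web01 localhost:443 check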
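
A review check for a configuration laid out like the one above, added here as an example (it is not part of the original page, Foreman or HAProxy). It flags `verify none` on a backend server and confirms that the client-certificate port stays a pure TCP passthrough; the embedded sample is a constructed, trimmed copy of the layout, and the names `parse` and `audit` are illustrative.

```python
import re
# Constructed, trimmed copy of the page's layout (not the full config).
SAMPLE = """\
defaults
    mode http
frontend clients
    bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem
frontend proxies
    bind *:5000
    mode tcp
    default_backend proxies
backend clients
    server web0-a localhost:443 check ssl verify none
backend proxies
    mode tcp
    server web01 localhost:443 check
"""
HEAD = re.compile(r"(global|defaults|listen|frontend|backend)\b\s*(\S*)")

def parse(text):
    """Split a config into [kind, name, tokenised directives] sections."""
    out = []
    for line in (l.split("#")[0].strip() for l in text.splitlines()):
        m = HEAD.match(line)
        if m:
            out.append([m[1], m[2], []])
        elif line and out:
            out[-1][2].append(line.split())
    return out

def audit(text):
    """Flag unverified backend TLS and a broken client-cert passthrough."""
    found, dflt, mode, target = [], "tcp", {}, {}  # HAProxy's built-in mode is tcp
    for kind, name, d in parse(text):
        m = next((w[1] for w in d if w[0] == "mode" and len(w) > 1), None)
        if kind == "defaults":
            dflt = m or dflt
        mode[kind, name] = m or dflt  # own setting, else inherited default
        for w in d:
            if w[0] == "server" and "verify none" in " ".join(w):
                found.append(f"{name}: server {w[1]} certificate not verified")
            if w[0] == "default_backend":
                target[name] = w[1]
            if w[0] == "bind" and "ssl" in w[2:] and mode[kind, name] == "tcp":
                found.append(f"{name}: TLS ends here, backend sees no client cert")
    for fe, be in target.items():  # passthrough needs tcp on both sides
        if mode.get(("frontend", fe)) == "tcp" and mode.get(("backend", be)) != "tcp":
            found.append(f"{fe}: tcp frontend feeds non-tcp backend {be}")
    return found
```

Calling `audit(SAMPLE)` reports only the `verify none` server; removing `mode tcp` from the `proxies` backend, or adding `ssl` to the port 5000 `bind`, adds a passthrough finding.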