Foreman haproxy config for web SSL certificate with trusted CA (non puppet CA)
  • Port 4000 is dedicated to browsers and serves the certificate from the browser-trusted CA
  • Port 5000 is dedicated to SSL client authentication of the various Foreman components via their puppet-ca certificates
  • If HAProxy is running on a dedicated server, ports 443 (browser) and 4443 (Foreman components) can be used.
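global
  # HAProxy keeps running as root with these settings
  user root
  group root

defaults
  log     global
  mode    http
  balance roundrobin
  # Timeouts are in milliseconds
  timeout connect 5000
  timeout client  50000
  timeout server  50000

# Statistics page. The address is given on a separate bind line because
# newer HAProxy releases reject "listen stats *:9999".
listen stats
  bind *:9999
  stats enable
  stats uri /
  # Basic auth credentials for the stats page, as user:password
  stats auth admin:password

# Browser traffic: TLS is terminated here with the trusted-CA certificate
frontend clients
  bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem

  option httpclose
  # Adds an X-Forwarded-For header with the client address
  option forwardfor

  use_backend clients

# Foreman components: TLS is passed through untouched in TCP mode, so the
# client certificate handshake happens with Foreman itself
frontend proxies
  bind *:5000
  option tcplog
  mode tcp
  default_backend proxies

backend clients
  balance roundrobin
  option httpchk GET /
  # "verify none": the backend certificate is not checked
  server web0-a localhost:443 check ssl verify none

backend proxies
  mode tcp
  balance roundrobin
  # Health check sends an SSL hello instead of a plain TCP connect
  option ssl-hello-chk
  server web01 localhost:443 check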
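
A hardened variant of the same two-port layout, added here as an example and not part of the original gist: it drops root, keeps the stats page on loopback, and verifies Foreman's certificate on the re-encrypted hop instead of using `verify none`. Assumptions: a `haproxy` user and group exist on the host, and the stats password, the `ca-file` path and the `verifyhost` name are placeholders to replace with your own values.

```haproxy
# Added example, not the gist author's config. Placeholders are marked.
global
  # Ports 4000/5000/9999 are unprivileged, so root is not required.
  user  haproxy            # assumption: this account exists on the host
  group haproxy

defaults
  log     global
  mode    http
  timeout connect 5000
  timeout client  50000
  timeout server  50000

listen stats
  bind 127.0.0.1:9999      # stats page reachable from the host only
  stats enable
  stats uri /
  stats auth admin:CHANGE_ME   # placeholder credential

# Browser traffic: TLS terminated with the trusted-CA certificate
frontend clients
  bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem
  option httpclose
  option forwardfor
  use_backend clients

# Foreman components: TCP passthrough keeps client-cert auth end to end
frontend proxies
  bind *:5000
  mode tcp
  option tcplog
  default_backend proxies

backend clients
  option httpchk GET /
  # Check Foreman's certificate against the CA that issued it and match
  # its name. The ca-file path and verifyhost value are placeholders.
  server web0-a localhost:443 check ssl verify required ca-file /path/to/puppet-ca.pem verifyhost foreman.example.com

backend proxies
  mode tcp
  option ssl-hello-chk
  server web01 localhost:443 check
```

On a dedicated server using ports 443 and 4443, HAProxy still has to be started as root to bind port 443; with `user`/`group` set it drops to the unprivileged account after binding.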