@genadipost
Created June 24, 2017 17:48
Foreman HAProxy config for a web SSL certificate from a trusted CA (non-Puppet CA)
  • Port 4000 is dedicated to browsers and serves the certificate issued by the browser-trusted CA.
  • Port 5000 is dedicated to SSL client authentication of the various Foreman components via their Puppet CA certificates.
  • If HAProxy is running on a dedicated server, ports 443 (browser) and 4443 (Foreman components) can be used.
global
  # With user/group root, HAProxy does not drop privileges after startup
  user root
  group root

defaults
  log     global
  mode    http
  balance roundrobin
  timeout connect 5000
  timeout client  50000
  timeout server  50000

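listen stats
  # The listening address goes on a bind line; current HAProxy rejects an address on the listen line
  bind *:9999
  stats enable
  stats uri /
  # Served over plain HTTP on all interfaces; replace the example credentials before use
  stats auth admin:password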

frontend clients
  bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem

  option httpclose
  option forwardfor

  use_backend clients

frontend proxies
  # TCP passthrough: TLS is not terminated here, so client certificates reach Foreman
  bind *:5000
  option tcplog
  mode tcp
  default_backend proxies

backend clients
  balance roundrobin
  option httpchk GET /
  # "verify none" skips validation of the certificate presented by localhost:443
  server web0-a localhost:443 check ssl verify none

backend proxies
  mode tcp
  balance roundrobin
  option ssl-hello-chk
  server web01 localhost:443 check
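
An added example, not part of the original gist: a small Python check that flags the three settings in this configuration worth reviewing before production use (no privilege drop, the stats login served without TLS, and `verify none` toward the backend). The names `parse` and `audit` and the finding messages are assumptions of this example, and `SAMPLE` is a constructed excerpt of the config above.

```python
SECTION_KEYWORDS = ("global", "defaults", "listen", "frontend", "backend")

# Constructed sample: the security-relevant lines of the configuration above.
SAMPLE = """\
global
  user root
listen stats *:9999
  stats auth admin:password
frontend clients
  bind *:4000 ssl crt /etc/ssl/certs/foreman_web.pem
frontend proxies
  bind *:5000
  mode tcp
backend clients
  server web0-a localhost:443 check ssl verify none
backend proxies
  server web01 localhost:443 check
"""

def parse(config):
    """Group directive word-lists under their 'keyword name' section header."""
    sections, current = {}, None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if words and words[0] in SECTION_KEYWORDS:
            current = sections.setdefault(" ".join(words[:2]), [])
            if words[0] == "listen" and len(words) > 2:
                current.append(["bind"] + words[2:])  # legacy inline address
        elif words and current is not None:
            current.append(words)
    return sections

def audit(config):
    """Return (section, finding) pairs for directives that need review."""
    findings = []
    for name, directives in parse(config).items():
        # A section is cleartext if any of its binds lacks the ssl keyword.
        cleartext = any(d[0] == "bind" and "ssl" not in d for d in directives)
        for d in directives:
            if name == "global" and d[:2] == ["user", "root"]:
                findings.append((name, "process keeps root privileges"))
            if d[:2] == ["stats", "auth"] and cleartext:
                findings.append((name, "stats credentials sent over cleartext HTTP"))
            if d[0] == "server" and ("verify", "none") in zip(d, d[1:]):
                findings.append((name, "backend certificate is not verified"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

The TCP passthrough frontend on port 5000 is not flagged: its bind has no `ssl` keyword by design, because TLS is terminated by Foreman rather than by HAProxy.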