Skip to content

Instantly share code, notes, and snippets.

Created January 21, 2020 15:16
Show Gist options
  • Save patoi/430c0ca57bb59d175d9725e4c96bf14a to your computer and use it in GitHub Desktop.
Save patoi/430c0ca57bb59d175d9725e4c96bf14a to your computer and use it in GitHub Desktop.
haproxy configuration: SSL termination of the local server – haproxy running in docker container
# If you already have an haproxy.cfg file, you can probably leave the
# global and defaults section as-is, but you might need to increase the
# timeouts so that long-running CLI commands will work.
ssl-default-bind-options ssl-min-ver TLSv1.2
maxconn 4096
# log stdout local0 debug
log global
option forwardfor
option http-server-close
option httplog
option dontlognull
option redispatch
maxconn 20
timeout connect 5s
timeout client 5min
timeout server 5min
frontend www-http
bind *:80
mode http
http-request add-header X-Forwarded-Proto http
default_backend www-backend
frontend www-https
# Generating key pem:
bind *:443 ssl crt /usr/local/etc/haproxy/ssl/GENERATED.key.pem
mode http
http-request add-header X-Forwarded-Proto https
http-request set-header X-SSL %[ssl_fc]
default_backend www-backend
backend www-backend
mode http
redirect scheme https code 301 if !{ ssl_fc }
server jenkins1 DOCKER_HOST_IP:8080 verify none
Copy link

patoi commented Jan 21, 2020

  1. Create a haproxy/ssl directory.
  2. Generating the pem file in haproxy/ssl directory:
  3. Set the name of GENERATED.key.pem
  4. Set the IP of your machine: DOCKER_HOST_IP
  5. docker run -d -p 80:80 -p 443:443 --name my-running-haproxy -v /Users/patoi/work/temp/haproxy:/usr/local/etc/haproxy:ro haproxy:2.1.2

Test with and

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment