Created
March 5, 2018 16:19
-
-
Save swamibluedata/e60aa830f2a24a037fe7452f07e27545 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Become super user | |
sudo su | |
# Install haproxy | |
yum install -y haproxy | |
# Generate a self-signed certificate | |
mkdir -p /etc/ssl/certs/haproxy | |
openssl genrsa -out /etc/ssl/certs/haproxy/server.key 1024 | |
openssl req -new \ | |
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" \ | |
-key /etc/ssl/certs/haproxy/server.key -out /etc/ssl/certs/haproxy/server.csr | |
openssl x509 -req -days 3650 -in /etc/ssl/certs/haproxy/server.csr \ | |
-out /etc/ssl/certs/haproxy/server.crt \ | |
-signkey /etc/ssl/certs/haproxy/server.key | |
# Combine crt and key file into a pem file for haproxy | |
cat server.key server.crt > server.pem | |
# Create haproxy cfg for rstudio configuration. this will setup | |
# haproxy to listen on 8443 and redirect to rstudio through 127.0.0.1 | |
cat > /etc/haproxy/haproxy.cfg <<EOF | |
global | |
maxconn 1028 | |
daemon | |
user haproxy | |
group haproxy | |
tune.ssl.default-dh-param 2048 | |
defaults | |
timeout connect 5000ms | |
timeout client 50000ms | |
timeout server 50000ms | |
frontend rstudio_https_frontend | |
bind *:8443 ssl crt /etc/ssl/certs/haproxy/server.pem | |
mode http | |
option forwardfor | |
option http-server-close | |
option httpclose | |
reqadd X-Forwarded-Proto:\ https | |
default_backend rstudio_backend | |
backend rstudio_backend | |
mode http | |
timeout connect 5s | |
timeout server 30s | |
server rstudio 127.0.0.1:8787 | |
EOF | |
# Start haproxy | |
service haproxy restart | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment