Crossbar-Haproxy
HAProxy
Use HAProxy 1.5 to create an SSL reverse proxy
If you're working from an existing install, you will likely need to remove HAProxy 1.4 before continuing. Be sure to take a backup of /etc/haproxy/haproxy.cfg!
yum erase haproxy
We are going to build HAProxy from a source rpm, so we need to install a few things:
yum install @development openssl-devel pcre-static pcre-devel
Then we download a source rpm to build from:
curl -O http://dagobah.ftphosting.net/yum/SRPMS/haproxy-1.5-dev14.src.rpm
Then we build the rpm:
rpmbuild --rebuild haproxy-1.5-dev14.src.rpm
Then we install the rpm we just built:
rpm -Uvh rpmbuild/RPMS/x86_64/haproxy-1.5-dev14.x86_64.rpm
Let's move the original config back in place:
mv /etc/haproxy/haproxy.cfg.rpmsave /etc/haproxy/haproxy.cfg
Let's make a directory for the cert(s):
mkdir -p /etc/haproxy/certs
Put your pem cert/key into the certs folder:
mv certificate.pem /etc/haproxy/certs
Add the following to the /etc/haproxy/haproxy.cfg config:
frontend whapps-ssl-in
    bind *:8443 ssl crt /etc/haproxy/certs/certificate.pem
    default_backend whapps
backend whapps
    balance roundrobin
    server localhost host.domain.com:8000 check
Restart HAProxy and enjoy!
Cleanup:
Update the /var/www/html/config/config.js for the new https: scheme and port.
You may need to update the endpoint entries for existing users to point to the new https: scheme and port; you can see how to do that here: Manually Editing Database Documents
Notes:
If you have an existing cert, ca-bundle and key, here's how you can make the pem:
cat certificate.crt ca-bundle.crt private.key > certificate.pem
Hopefully it's obvious that the paths and host names need to be updated for your environment.
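A stricter way to build the pem from the note above, as an added example that is not part of the original page: it checks that the private key belongs to the certificate and writes the bundle with owner-only permissions, since the file holds the key. The helper name build_haproxy_pem and the file names are assumptions; it needs the openssl command line tool.

```shell
#!/bin/sh
# Added example (not from the original page): build the combined PEM for
# HAProxy's "crt" option, refusing to write it if the key and cert differ.
# build_haproxy_pem is a hypothetical helper; file names are placeholders.

build_haproxy_pem() {
    cert=$1 chain=$2 key=$3 out=$4

    # Extract the public key from each side; identical PEM text means they pair up.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 2; }
    # -passin pass: makes an encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot read unencrypted private key: $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # mktemp creates the file mode 0600, so key material is never world-readable.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    # Same order as the cat command above. awk 1 also appends a missing final
    # newline, so "-----END ...-----" and "-----BEGIN ...-----" never fuse.
    if awk 1 "$cert" "$chain" "$key" > "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$out"
    else
        rm -f "$tmp"; return 2
    fi
}

# Usage (paths are placeholders for your environment):
# build_haproxy_pem certificate.crt ca-bundle.crt private.key /etc/haproxy/certs/certificate.pem
```

A return status of 1 means the key and certificate do not pair up; 2 means an input could not be read or the output could not be written.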