Answer the question
In order to leave comments, you need to log in
How to make in haproxy that a certificate is substituted for each domain?
Hello. Tell me, please, I stumbled upon a problem, you need to make sure that when requests for a specific domain go through Haproxy, they take a certificate, the one specified in haproxy, for each domain. Here's how I do it:
frontend domain.com
bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/domain.com.pem
http-request redirect scheme https if !{ ssl_fc }
option http-server-close
option httplog
option forwardfor
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
# set HTTP Strict Transport Security (HTST) header
rspadd Strict-Transport-Security:\ max-age=15768000
acl host_domain.com hdr(host) -i domain.com
use_backend domain.com if host_domain.com
backend domain.com
balance leastconn
option http-keep-alive
option forwardfor
cookie SERVERID insert indirect nocache
timeout connect 30000
timeout server 30000
server server1 1.1.1.1:443 cookie 1 ssl verify none
server server2 2.2.2.2:443 cookie 2 ssl verify none
server server3 3.3.3.3:443 cookie 4 ssl verify none
Answer the question
In order to leave comments, you need to log in
frontend domain.com
bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/domain.com.pem
bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/domain.com.pem crt /etc/haproxy/certs/en.domain.com.pem crt /etc/haproxy/certs/ru.domain.com.pem crt ...
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question