I have haproxy_server and apache_server in different datacenters. What is the best way to have an encrypted connection between them?

It's working with certbot and with the following configuration:

    frontend http_front
        bind <haproxy_IP_server>:80
        bind <haproxy_IP_server>:443 ssl crt /etc/haproxy/certs/certbot.com.pem
    backend http_back
        server <1_web_server> <1_web_server_IP>:80 check weight 1
        server <2_web_server> <2_web_server_IP>:80 check weight 1

With this I can get my https://www.example.com site working with SSL.

But I think the connection between haproxy_server and apache_server is not encrypted. Is this correct?

Do I need to set up an OpenVPN or stunnel between them, or can I have an encrypted connection with the following haproxy.cfg?

    backend http_back
        server <1_web_server> <1_web_server_IP>:80 check weight 1 ssl verify no

pata2004

1 Answer

You probably need

    backend http_back
        server <1_web_server> <1_web_server_IP>:443 check weight 1 ssl verify none

  • I'm trying "ssl verify none" but now I have a problem with my certbot: I can only run certbot on my haproxy_server, and it gives me an error when I put certbot on my apache_server. Any ideas how to solve my certbot issue? – pata2004 Apr 11 '18 at 13:36
  • What is the error? Anyway, you can use a self-signed certificate on apache_server if certbot is not working – nuster cache server Apr 12 '18 at 01:29
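
Added example, not part of the original answer or comments: `ssl verify none` encrypts the HAProxy-to-Apache hop but does not authenticate the Apache server, so the fragment below puts it beside a variant that also verifies the backend certificate. The server name, IP address, hostname and CA file path are assumptions; the CA file can be a copy of the self-signed certificate mentioned in the comment above.

```haproxy
# Added example. The name web1, the IP (RFC 5737 documentation range),
# the hostname and the file path are constructed placeholders.

# Variant A: as in the answer. The hop to Apache is encrypted, but the
# certificate Apache presents is never checked, so HAProxy cannot tell
# the real Apache server from anything else answering on that address.
backend http_back_unverified
    server web1 192.0.2.10:443 check weight 1 ssl verify none

# Variant B: encrypted and authenticated.
#   verify required  reject the connection unless the certificate chains
#                    to something in ca-file
#   ca-file          PEM file HAProxy trusts for this backend; with a
#                    self-signed certificate on Apache, copy that
#                    certificate (not its private key) here
#   verifyhost       name that must appear in the backend certificate
#   sni              name sent in the TLS handshake so Apache selects
#                    the matching virtual host
backend http_back_verified
    server web1 192.0.2.10:443 check weight 1 ssl verify required ca-file /etc/haproxy/certs/apache-backend.pem verifyhost web1.example.com sni str(web1.example.com)
```

With a self-signed backend certificate, Variant B pins HAProxy to that one certificate, so the file in `ca-file` has to be replaced whenever the Apache certificate is reissued.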