In the above examples the protocols that are being load-balanced are application protocols, where you can retain the Source IP by retrieving it from the HTTP/HTTPS header X-Forwarded-For: (obtained by the option: option forwardfor), but if you use HAProxy as a TCP layer load balancer, in order to retain the source IP(client’s IP) see the following article: Preserving the source IP of client in TCP Proxying Http-request set-header X-Forwarded-Port % # Added to create separate error and access logsīind *:443 ssl crt /etc/ssl/haproxy_certs/ Ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSSĮrrorfile 400 /etc/haproxy/errors/400.httpĮrrorfile 403 /etc/haproxy/errors/403.httpĮrrorfile 408 /etc/haproxy/errors/408.httpĮrrorfile 500 /etc/haproxy/errors/500.httpĮrrorfile 502 /etc/haproxy/errors/502.httpĮrrorfile 503 /etc/haproxy/errors/503.httpĮrrorfile 504 /etc/haproxy/errors/504.http
# For more information, see ciphers(1SSL). # Default ciphers to use on SSL-enabled listening sockets. Stats socket /run/haproxy/admin.sock mode 660 level admin
#Install haproxy on ubuntu install
The CAs are also stored as one PEM format file per CA in the directory:Īpt-get update & apt-get install haproxyĬonfigure HAproxy for HTTP and HTTPS load-balancing: The certificates for all virtualhosts being proxied are stored as one PEM format file per certificate/key combination in the directory: In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers.