Develop and implement a redirect SSL HA Proxy

From EN Ikoula wiki
⧼vector-jumptonavigation⧽ ⧼vector-jumptosearch⧽

en:Develop and implement a redirect SSL HA Proxy he:לפתח וליישם הפניה פרוקסי SSL חה ro:Dezvolta si implementa un redirect SSL HA Proxy ru:Разработать и осуществить перенаправление га SSL прокси pl:Opracowanie i wdrożenie przekierowanie serwera Proxy protokołu SSL HA ja:開発し、SSL HA プロキシにリダイレクトを実装 ar:تطوير وتنفيذ إعادة توجيه SSL ها الوكيل zh:制定和执行医管局 SSL 代理重定向 de:Entwickeln Sie und implementieren Sie eine Umleitung SSL HA Proxy nl:Ontwikkelen en implementeren van een redirect SSL HA Proxy it:Sviluppare e implementare un reindirizzamento Proxy SSL HA pt:Desenvolver e implementar um redirecionamento Proxy SSL HA es:Desarrollar e implementar una redirección Proxy SSL HA fr:Mettre en place une redirection SSL HA Proxy

Introduction

You want to configure the SSL Forwarding on your HA Proxy . This article will explain the approach through a sample configuration.
This article follows the documentation fr:Configurer un HA Proxy sur Cloudstack.

Implementation

Here is the procedure to follow in order to implement the SSL Forwarding under HAProxy.
Below you will find examples of different configurations. Indeed it is possible to implement the management of SSL at different levels, for example on the load - balancer or directly on the Server Web.

SSL Termination

This first method to handle the connection HTTPS at the level of load - balancer one of the advantages of this solution is the performance gain.
Establishing a connection indeed SSL at the level of load - balancer allows to remove the weight from the operation of ServerWeb.s, once the connection established and secure the load - balancer passes this connection to the Server web.

Here is a sample configuration for SSL Termination
frontend https_frontend
  bind *:443 ssl crt /etc/ssl/certs/mon-certificat.pem
  mode http
  option httpclose
  option forwardfor
  reqadd X-Forwarded-Proto:\ https
  default_backend web_server

backend web_server
  mode http
  balance roundrobin
  cookie SRVNAME insert indirect nocache
  server web1 yyy.yyy.yyy.yyy:80 cookie WeB1 check
  server web2 zzz.zzz.zzz.zzz:80 cookie WeB2 check

SSL PassThrough

A second method to let the Serverweb s manage the connection SSL. This operation makes "transparent " the passage of the secure connection by the load - balancer .

Here is a sample configuration for SSL PassThrough
frontend https_frontend
  bind *:443
  mode tcp
  default_backend web_server

backend web_server
  mode tcp
  balance roundrobin
  cookie SRVNAME insert indirect nocache
  server web1 yyy.yyy.yyy.yyy:443 cookie WeB1 check
  server web2 zzz.zzz.zzz.zzz:443 cookie WeB2 check

SSL PassThrough IP persistently

Here is an example of configuration, allowing the user to keep its connection to one of Servers backend When passing HTTP towards HTTPSfor example on a merchant site with payment area secure.

frontend ft_http
    bind :80
    mode http
    default_backend bk_http

frontend ft_https
    bind :443
    mode tcp
    default_backend bk_https

backend bk_http
    mode http
    balance roundrobin
    stick on src table bk_https
    default-server inter 1s
    server web1 xxx.xxx.xxx.xxx:80 check id 1
    server web2 yyy.yyy.yyy.yyy:80 check id 2

backend bk_https
    mode tcp
    balance roundrobin
    stick-table type ip size 1m expire 1h
    stick on src
    default-server inter 1s
    server web1 xxx.xxx.xxx.xxx:80 check id 1
    server web2 yyy.yyy.yyy.yyy:80 check id 2



You are not allowed to post comments.

Retrieved from "https://en-wiki.ikoula.com/index.php?title=Develop_and_implement_a_redirect_SSL_HA_Proxy&oldid=12014"