HAProxy – Multiple ssl domain termination




HAProxy is a fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is well suited to terminating SSL for multiple domains.

This article shows how HAProxy can terminate SSL for multiple domains, each with its own domain certificate.

Concatenate the certificates for each domain into one file per domain, for example domain1.pem and domain2.pem.

Edit the HAProxy config file:

vim /etc/haproxy/haproxy.cfg

Edit the configuration as below (note the crt keyword at the beginning of the second certificate path).

frontend web
    mode http
    bind *:80
    bind *:443 ssl crt /etc/ssl/domain1.pem crt /etc/ssl/domain2.pem

Note: The order of the entries in the .pem file is very important; otherwise HAProxy throws an error.

private key -> public key -> ca key
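
A check to run before reloading, as an added example that is not part of the original article: it reads the crt paths from the bind lines, confirms each bundle starts with its single private key followed by at least one certificate, and flags bundles readable by group or others. The function names are hypothetical, the demo input is constructed, and only PEM block types are inspected, not whether the key and certificate match.

```shell
# Added example, not the article's code. Assumes the block order the article
# gives: private key first, then the certificate, then CA certificate(s).

# Print every path that follows a "crt" keyword on a bind line of the config.
crt_paths() {
    awk '$1 == "bind" { for (i = 2; i < NF; i++) if ($i == "crt") print $(i + 1) }' "$1"
}

# Return 0 if the bundle has exactly one private key, as its first PEM block,
# and at least one certificate after it; otherwise print why and return 1.
check_pem_order() {
    awk -v f="$1" '
        /^-----BEGIN / { n++ }
        /^-----BEGIN .*PRIVATE KEY-----$/ { keys++; if (n != 1) late = 1 }
        /^-----BEGIN CERTIFICATE-----$/   { certs++ }
        END {
            if (keys != 1) { print f ": expected 1 private key, found " (keys + 0); exit 1 }
            if (late)      { print f ": private key is not the first block"; exit 1 }
            if (certs < 1) { print f ": no certificate after the private key"; exit 1 }
        }
    ' "$1"
}

# Return 0 if neither group nor others can read the bundle (it holds the key).
check_pem_mode() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ] && return 0
    echo "$1: readable by group or others"
    return 1
}

# Check every bundle the config references; the return value counts failures.
lint_cfg() {
    failures=0
    for pem in $(crt_paths "$1"); do
        { check_pem_order "$pem" && check_pem_mode "$pem"; } || failures=$((failures + 1))
    done
    return "$failures"
}

# Demo on constructed input: placeholder PEM blocks, no real key material.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT && umask 077
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'x' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'x' '-----END CERTIFICATE-----' > "$d/domain1.pem"
    echo "    bind *:443 ssl crt $d/domain1.pem" > "$d/haproxy.cfg"
    lint_cfg "$d/haproxy.cfg" && echo "all bundles OK"
)
demo
```

Run lint_cfg /etc/haproxy/haproxy.cfg before a reload; haproxy -c -f /etc/haproxy/haproxy.cfg then validates the configuration itself.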

Consider using HAProxy in front of all production servers to safeguard infrastructure in the cloud or on-premises.

If the domains are hosted on separate servers

Edit the HAProxy config file /etc/haproxy/haproxy.cfg:

frontend web
  mode http
  bind *:443 ssl crt /certs/domain1.pem crt /certs/domain2.pem
  use_backend bk_domain1 if { ssl_fc_sni my.domain1.com } # content switching based on SNI
  use_backend bk_domain2 if { ssl_fc_sni my.domain2.com } # content switching based on SNI

backend bk_domain1
  mode http
  server srv1 <domain1_ip>:80

backend bk_domain2
  mode http
  server srv2 <domain2_ip>:80


Happy Reading…..
