Availability‎ > ‎

Create an OpenBSD 5.5 HAproxy HTTPS TCP proxy

posted Sep 5, 2014, 12:32 PM by Chris G
Assuming you already have a working OpenBSD 5.5 system, this task if very straightforward.

First, install HAproxy from your favorite repository:
pkg_add http://mirror.internode.on.net/pub/OpenBSD/5.5/packages/amd64/haproxy-1.4.24.tgz
pkg_add http://mirror.internode.on.net/pub/OpenBSD/5.5/packages/amd64/nano-2.2.6.tgz
You can then edit the HAproxy configuration file:

nano /etc/haproxy/haproxy.cfg

frontend  TEST-http-in

    bind *:80

    acl root_url url /

    redirect code 301 location https://correct.domain.com/context/ drop-query append-slash if root_url

frontend https-c-in

   bind *:443

   mode tcp

   default_backend app_servers

   acl root_url url /

   redirect code 301 location https://correct.domain.com/context/ drop-query append-slash if root_url

backend app_servers

   balance source

   mode tcp

   option ssl-hello-chk

   server  app 10.10.10.10:8443 check inter 2000 rise 2 fall 5


Last step, make sure that the service starts when the server is rebooted:
nano /etc/rc.conf

# rc.d(8) packages scripts

# started in the specified order and stopped in reverse order

pkg_scripts="haproxy"

Comments