Installation de base : https://wiki.evolix.org/HowtoHaproxy
Avec SSL : https://serversforhackers.com/c/using-ssl-certificates-with-haproxy
config de test :
- haproxy.cfg
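global
    log /dev/log local5
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    user haproxy
    group haproxy
    daemon
    # Runtime API socket. "level admin" allows full runtime control, so access
    # is gated only by the socket's file permissions (mode 660, user and group
    # haproxy). Keep membership of that group minimal.
    stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin
    node haproxy
    stats timeout 30s
    ca-base /etc/ssl/certs/
    tune.ssl.default-dh-param 2048
    # 3DES suites (ECDH+3DES, DH+3DES, RSA+3DES) removed and explicitly excluded:
    # 64-bit block ciphers are no longer considered acceptable for TLS.
    # NOTE(review): the RSA+ entries provide no forward secrecy; drop them if all
    # clients support ECDHE/DHE. This list applies to TLS 1.2 and below only.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!RC4:!3DES
    # Only TLS 1.2 and later are accepted; session tickets are disabled.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets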
defaults
    # Proxy mode and logging, inherited by every frontend/backend/listen section.
    mode http
    log global
    option httplog
    option dontlognull

    # Connection handling.
    option http-server-close
    option abortonclose
    option redispatch
    retries 3
    maxconn 3000

    # Adds the client address to X-Forwarded-For, except for local connections.
    # The header is appended: values already sent by the client are not removed,
    # so backends should trust only the last entry.
    option forwardfor except 127.0.0.0/8 header X-Forwarded-For

    # Timeouts. "timeout http-request" bounds how long a client may take to send
    # a complete request, which limits slow-request connection exhaustion.
    timeout http-request 10s
    timeout connect 4s
    timeout queue 60s
    timeout client 300s
    timeout server 300s
    # timeout http-keep-alive 10s
    # timeout check 10s

    # Per-server defaults for every "server" line that does not override them.
    default-server port 80 maxconn 150 on-error fail-check slowstart 60s inter 30s fastinter 5s downinter 10s weight 100
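frontend front
    # Plain-HTTP listener whose only job is to send clients to HTTPS.
    option forwardfor
    maxconn 800
    bind 0.0.0.0:80
    # The former "http-request add-header X-Proto https if { ssl_fc }" rule was
    # removed: this bind line has no "ssl" keyword, so ssl_fc is never true here
    # and the rule could not match.
    # ssl_fc is always false on this listener, so every request is redirected.
    redirect scheme https if !{ ssl_fc }
    # No default_backend on purpose: nothing should be served over cleartext HTTP.
    # default_backend back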
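frontend front_ssl
    # TLS termination. The PEM file holds the certificate chain and the private
    # key; restrict its file permissions accordingly.
    bind 0.0.0.0:443 ssl crt /etc/ssl/domaine.com.pem
    # The header name is given without a trailing colon (the colon belongs to the
    # old "reqadd" syntax, not to set-header). set-header replaces any
    # X-Forwarded-Proto sent by the client, so the backend cannot be misled
    # about the scheme by a client-supplied value.
    http-request set-header X-Forwarded-Proto https
    default_backend back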
backend back
    # Two web servers, equal weight, requests alternated between them.
    # Traffic from HAProxy to these servers is plain HTTP on port 80.
    balance roundrobin
    # "check" enables active health checks; "observe layer4" additionally
    # watches live traffic for connection-level errors.
    server debian  192.168.0.23:80 weight 100 check observe layer4
    server debian3 192.168.0.24:80 weight 100 check observe layer4
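listen stats
    # Statistics page with admin actions. It was bound to 0.0.0.0 over cleartext
    # HTTP; it now listens on loopback only. Reach it through an SSH tunnel, or
    # bind it to a dedicated management address instead.
    bind 127.0.0.1:8080
    stats enable
    stats uri /haproxy
    stats show-legends
    stats show-node
    stats realm Auth\ required
    # Sample credential from the test setup: replace it before any real use.
    # "stats auth" stores the password in cleartext in this file and sends it as
    # HTTP Basic auth, so keep haproxy.cfg readable by root only.
    stats auth foo:bar
    # Admin actions (enable/disable/drain servers) limited to local clients
    # instead of "if TRUE", as a second barrier should the bind address change.
    stats admin if LOCALHOST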