Deploy Free SSL with HAproxy and LetsEncrypt

Setup HAproxy and use LetsEncryptWe’re going to use HAproxy to perform SSL termination which will then “reverse proxy” to our web server using a (free) SSL Certificate from LetsEncrypt.

7 days ago

Latest Post Ansible to Slack by Matthew Davis

Setup HAproxy and use LetsEncrypt

We’re going to use HAproxy to perform SSL termination which will then “reverse proxy” to our web server using a (free) SSL Certificate from LetsEncrypt.

Installation

CentOS/RHEL

Installing HAproxy + certbot:

$ sudo yum install -y epel-release
$ sudo yum install -y haproxy certbot

Opening the firewall:

$ sudo firewall-cmd --permanent --add-port=80/tcp
$ sudo firewall-cmd --permanent --add-port=443/tcp
$ sudo firewall-cmd --reload

Debian/Ubuntu

Installing HAproxy + certbot:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install -y haproxy certbot

Opening the firewall:

$ sudo ufw allow http
$ sudo ufw allow https

Generating SSL Certificate using certbot

We’ll use the certbot command line tool to generate our ssl certificate for us. certbot is a command line interface to Let’sEncrypt.org’s API service. Generate certificate:

$ certbot certonly -d mydomain.com -d www.mydomain.com

Once our certificate has been generated it will live under:

$ ls -la /etc/letsencrypt/live/mydomain.com

Configuring HAproxy

/etc/haproxy/haproxy.cfg

frontend

    bind *:80
    bind *:443 ssl crt /etc/letsencrypt/live/yourdomain.com/all.pem

    use_backend www

backend www

    server node1 127.0.0.1:81 check # we will set nginx to listen on port 81
Matthew Davis

Published 7 days ago

Comments?

Leave us your opinion.

powered by Typeform