Setup HAproxy and use LetsEncrypt

We’re going to use HAproxy to perform SSL termination with a (free) SSL certificate from LetsEncrypt. HAproxy will then “reverse proxy” the requests to our web server.



Installing HAproxy + certbot (CentOS/RHEL, using yum):

$ sudo yum install -y epel-release
$ sudo yum install -y haproxy certbot

Opening the firewall:

$ sudo firewall-cmd --permanent --add-port=80/tcp
$ sudo firewall-cmd --permanent --add-port=443/tcp
$ sudo firewall-cmd --reload


Installing HAproxy + certbot (Ubuntu, using apt):

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install -y haproxy certbot

Opening the firewall:

$ sudo ufw allow http
$ sudo ufw allow https


Generating SSL Certificate using certbot

We’ll use the certbot command line tool to generate our SSL certificate. certbot is a command line interface to Let’s Encrypt’s API service. Generate the certificate:

$ certbot certonly -d -d

Once our certificate has been generated it will live under:

$ ls -la /etc/letsencrypt/live/


Configuring HAproxy



    bind *:80
    bind *:443 ssl crt /etc/letsencrypt/live/

    use_backend www

backend www

    server node1 check # we will set nginx to listen on port 81
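
HAproxy's "crt" option reads a PEM file that holds both the certificate chain and the private key, while certbot writes them as separate fullchain.pem and privkey.pem files. The function below is an added example, not part of the original page: it builds that combined file atomically with owner-only permissions. The function name and both path arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build the combined PEM that HAproxy's "crt" option reads.
# build_haproxy_pem, LIVE_DIR and OUT are hypothetical names for this sketch.
#
# build_haproxy_pem LIVE_DIR OUT
#   LIVE_DIR  certbot directory holding fullchain.pem and privkey.pem
#   OUT       combined PEM to reference from "bind *:443 ssl crt OUT"
build_haproxy_pem() {
    live_dir=$1
    out=$2
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to build anything if an input is missing or empty.
    for f in "$chain" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Catch swapped or wrong files before HAproxy is pointed at the result.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }

    # Write next to the target and rename, so a reload never sees a partial
    # file. mktemp creates the file with mode 0600; chmod makes that explicit.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$chain" "$key" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Stand-alone use: sh build_haproxy_pem.sh LIVE_DIR OUT
if [ "$#" -eq 2 ]; then
    build_haproxy_pem "$1" "$2"
fi
```

The combined file is a copy, so it has to be rebuilt after every renewal (for example from certbot's --deploy-hook) and HAproxy reloaded afterwards.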