Set up HAproxy and use Let's Encrypt

We’re going to use HAproxy to perform SSL termination with a (free) SSL certificate from Let's Encrypt. HAproxy then acts as a “reverse proxy” in front of our web server.

Installation

CentOS/RHEL

Installing HAproxy + certbot:

$ sudo yum install -y epel-release
$ sudo yum install -y haproxy certbot

Opening the firewall:

$ sudo firewall-cmd --permanent --add-port=80/tcp
$ sudo firewall-cmd --permanent --add-port=443/tcp
$ sudo firewall-cmd --reload

Debian/Ubuntu

Installing HAproxy + certbot:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install -y haproxy certbot

Opening the firewall:

$ sudo ufw allow http
$ sudo ufw allow https

 

Generating SSL Certificate using certbot

We’ll use the certbot command-line tool to generate our SSL certificate. certbot is a command-line client for Let's Encrypt's API service.

Generate the certificate:

$ sudo certbot certonly -d mydomain.com -d www.mydomain.com

Once our certificate has been generated it will live under:

$ sudo ls -la /etc/letsencrypt/live/mydomain.com

 

Configuring HAproxy

/etc/haproxy/haproxy.cfg

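# a frontend section needs a name; "www-in" is an arbitrary label
frontend www-in

    # port 80 is plain HTTP; port 443 terminates SSL using the combined
    # certificate + private key file
    bind *:80
    bind *:443 ssl crt /etc/letsencrypt/live/mydomain.com/all.pem

    use_backend www

backend www

    server node1 127.0.0.1:81 check # we will set nginx to listen on port 81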
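
The bind line above loads all.pem, but certbot only writes the certificate chain (fullchain.pem) and the private key (privkey.pem) as separate files, while HAproxy's crt option expects both in one file. The script below is an added example, not part of the original page or of certbot: it builds that bundle with owner-only permissions and reloads HAproxy when certbot runs it as a deploy hook. The function name build_haproxy_pem and the use of systemctl are assumptions.

```shell
#!/bin/sh
# Added example: build the combined PEM that HAproxy's "crt" option loads.
# build_haproxy_pem is a hypothetical helper name, not part of certbot or HAproxy.

build_haproxy_pem() (
    live_dir=$1
    out="$live_dir/all.pem"

    # Refuse to produce a partial bundle if either input is missing or empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$live_dir/$f" ] || { echo "missing or empty: $live_dir/$f" >&2; exit 1; }
    done

    # The bundle contains the private key: create it owner-only from the start.
    umask 077
    tmp=$(mktemp "$live_dir/all.pem.XXXXXX") || exit 1

    # Certificate chain first, then the key. Rename into place so HAproxy
    # never reads a half-written file.
    if cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        exit 0
    fi
    rm -f "$tmp"
    exit 1
)

# When certbot runs this script as a deploy hook it exports RENEWED_LINEAGE,
# the live directory of the certificate that was just issued or renewed.
# The configuration is validated first so a bad file never reaches a reload.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_haproxy_pem "$RENEWED_LINEAGE" &&
        haproxy -c -f /etc/haproxy/haproxy.cfg &&
        systemctl reload haproxy
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, the script runs after every successful renewal. For the first certificate, run it once by hand as root with RENEWED_LINEAGE=/etc/letsencrypt/live/mydomain.com set in the environment.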