Automation Ninja's Dojo

HAproxy – SSL domains in crt-list

I think for those using high throughput to load balancers will know HAproxy immediately. If HAproxy is something new to you – I highly recommend to scatter around and get your self familiar with this great product. I use it personally and as well recommend it ( if the requirements match ) to my customers. I thought I will create separate category especially for this awesome piece of art and will share with you some of my challenges and discoveries I came across with.

So today I will start with the fact that HAproxy supports SNI and that you can have multiple certificates assigned. If you look at internet ( or even at the documentation ) you will see its common to use syntax like :

 

What you can see here is that we are specifying certificates ( detailed way of HApoxy handles this can be found under link ) .  However I have been recently using crt-list which allows me to specify certificates for domains ( and also do filtering within that file ) .

File looks as easy as (basic no filtering ) :

 

From there in my config I use the following :

 

And thats how easy it is. In coming posts I will try to publish more interesting information abut HAproxy.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: