This is my haproxy.cfg load balance server running at https://munetaka.me
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http_80_front
# bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/fullchain.pem key /etc/letsencrypt/live/munetaka.me/privkey.pem
bind *:443 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
default_backend http_8088_back
backend http_8088_back
server nginx_server 127.0.0.1:8088 ssl verify none
# 2024-06-05 add nextCLoud
frontend front__nextCloud_45101
bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
http-request set-header X-Forwarded-Proto https
default_backend back_nextCloud_45101
backend back_nextCloud_45101
server nextcloud_server hc4Noble.yushei.net:45101
# Caddy Server
frontend front_caddy_h2jammy_43889
bind *:43889 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
default_backend back_caddy_h2jammy_43889
backend back_caddy_h2jammy_43889
# mode http
# option http-server-close
server h2jammy_server h2Jammy.yushei.net:43889 ssl verify none
# server h2jammy_server h2Jammy.yushei.net:43889
# YsMeeting Service
frontend front_ysmeeting_43410
bind *:43410 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
default_backend back_ysmeeting_43410
backend back_ysmeeting_43410
# server ysmeeting_server h2nas03.yushei.com.tw:43410 ssl verify none
# will cause 503 error
server ysmeeting_server h2nas03.yushei.com.tw:43410Filter files by name
//HAProxy/ubuntuLinux/
Name
Last Modified
The followings are the backend serves and all are running http only.
-
backend server is nginx
backend http_8088_back server nginx_server 127.0.0.1:8088 ssl verify none -
backend server is nextCloud
backend back_nextCloud_45101 server nextcloud_server hc4Noble.yushei.net:45101 -
backend server is Caddy server
backend back_caddy_h2jammy_43889 # mode http # option http-server-close server h2jammy_server h2Jammy.yushei.net:43889 ssl verify none # server h2jammy_server h2Jammy.yushei.net:43889 -
backend server is mdbook
backend back_ysmeeting_43410 # server ysmeeting_server h2nas03.yushei.com.tw:43410 ssl verify none # will cause 503 error server ysmeeting_server h2nas03.yushei.com.tw:43410
All the above backend servers are running http,
[ALERT] (11433) : config : parsing [/etc/haproxy/haproxy.cfg:48] : 'default_backend' cannot handle unexpected argument 'ssl'. [ALERT] (11433) : config : parsing [/etc/haproxy/haproxy.cfg:61] : 'listen' or 'defaults' expected. [ALERT] (11433) : config : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] (11433) : config : Fatal errors found in configuration.