Using Let's Encrypt with Virtualmin and HAProxy

#1 Sun, 06/05/2016 - 15:55
Brook

Using Let's Encrypt with Virtualmin and HAProxy

I have two sets of sites on my server: my normal Apache sites and a number of Docker sites. I use HAProxy to direct traffic to the Docker containers if the domain matches; otherwise it sends all other traffic to my normal Virtualmin Apache.

All that works fine, but now I want to use HTTPS on my Docker sites. My current config seems to work fine with my normal Virtualmin Apache sites (for which I have set Virtualmin/Apache to listen on port 8080), but I can't seem to get HTTPS working. Here is my HAProxy config:

global
    # Logging is currently off: the 'log' directive below is commented out,
    # so the 'log global' used by the proxies has no target to send to.
    # To collect messages in /var/log/haproxy.log:
    #
    #   1) let syslog accept network log events by adding the '-r' option
    #      to SYSLOGD_OPTIONS in /etc/sysconfig/syslog
    #
    #   2) route local2 events to the file with a line such as the
    #      following in /etc/sysconfig/syslog
    #
    #        local2.*                       /var/log/haproxy.log
    #
    #   3) uncomment the directive below
    #
    # log 127.0.0.1 local2

    # NOTE(review): chroot is disabled here, so the worker keeps a view of
    # the whole filesystem after start-up. Re-enable once the directory is
    # confirmed to exist and be empty.
    # chroot /var/lib/haproxy

    # Detach from the terminal and run as the unprivileged haproxy account.
    daemon
    user haproxy
    group haproxy
    pidfile /var/run/haproxy.pid

    # Process-wide ceiling on concurrent connections.
    maxconn 4000

    # Stats / runtime UNIX socket.
    # NOTE(review): no 'mode' or 'level' is given, so access is whatever the
    # defaults and the directory permissions allow; confirm which local
    # users can connect to it.
    stats socket /var/lib/haproxy/stats
 
defaults
    # Every proxy below works at the HTTP layer unless it overrides this.
    mode http

    # Logging: HTTP-format log lines, sent to the target(s) named in the
    # global section; connections that never carry data are not logged.
    log global
    option httplog
    option dontlognull

    # Connection handling and retry policy.
    option http-server-close
    option redispatch
    retries 3
    maxconn 3000

    # Add an X-Forwarded-For header with the client address to every request
    # passed to a backend (the variant that skips loopback clients is left
    # commented out).
    # NOTE(review): a header of the same name sent by the client is not
    # removed by this option, so backends should rely only on the value
    # HAProxy appended.
    # option forwardfor except 127.0.0.0/8
    option forwardfor

    # Timeouts.
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout queue 1m
    timeout check 10s
    timeout http-request 10s
    timeout http-keep-alive 10s
 
 
# Plain-HTTP entry point: picks a backend by Host header and falls back to
# the Apache backend for every other host name.
#
# NOTE(review): this is the only 'bind' in the file and it is port 80 only,
# so nothing here accepts TLS. Terminating HTTPS in HAProxy needs a second
# bind of the form
#     bind *:443 ssl crt <PATH_TO_COMBINED_PEM>     (placeholder path)
# on a build with SSL support, where the PEM file holds the certificate
# chain followed by the private key and is readable only by root and the
# haproxy user. Let's Encrypt HTTP-01 validation arrives on port 80 under
# /.well-known/acme-challenge/, so those requests must still reach whichever
# process answers the challenge for each domain.
frontend http-in
        bind *:80
        default_backend main_apache_sites
 
        # Define hosts
        # Each www.<site> name is redirected (301) to the bare domain, and an
        # ACL matches the bare domain case-insensitively on the Host header.
        # NOTE(review): the redirect targets are hard-coded to http://, so
        # they would send visitors back to plain HTTP once HTTPS is in use.
          redirect prefix http://discourse-forum-1.com code 301 if { hdr(host) -i www.discourse-forum-1.com }
        acl host_discourse hdr(host) -i discourse-forum-1.com
          redirect prefix http://discourse-forum-2.com code 301 if { hdr(host) -i www.discourse-forum-2.com }
        acl host_discourse_2 hdr(host) -i discourse-forum-2.com     
          redirect prefix http://discourse-forum-3.com code 301 if { hdr(host) -i www.discourse-forum-3.com }
        acl host_discourse_3 hdr(host) -i discourse-forum-3.com
 
        # which one to use
        # The first matching rule wins; hosts matching none of the ACLs go
        # to default_backend above.
        use_backend discourse_docker if host_discourse
        use_backend discourse_docker_2 if host_discourse_2
        use_backend discourse_docker_3 if host_discourse_3  
 
 
backend main_apache_sites
        # Default backend: the Apache instance on loopback port 8080, with
        # health checks enabled. Cookie persistence prefixes JSESSIONID with
        # the server's cookie value "A"; with a single server there is
        # nothing for it to choose between.
        cookie JSESSIONID prefix nocache
        server server1 127.0.0.1:8080 cookie A check
 
backend discourse_docker
        # First Docker-hosted site, published on loopback port 8888 and
        # health-checked. Traffic reaches it as plain HTTP from HAProxy.
        cookie JSESSIONID prefix nocache
        server server2 127.0.0.1:8888 cookie A check
 
backend discourse_docker_2
        # Second Docker-hosted site, published on loopback port 8889 and
        # health-checked. The server name repeats the one used in
        # discourse_docker; names only need to be unique within a backend.
        cookie JSESSIONID prefix nocache
        server server2 127.0.0.1:8889 cookie A check
 
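backend discourse_docker_3
        # Third Docker-hosted site, published on loopback port 8890 and
        # health-checked.
        server server2 127.0.0.1:8890 cookie A check
        # 'nocache' is a single keyword; written as 'no cache' the cookie
        # line is not a valid option list and does not match the other
        # backends.
        cookie JSESSIONID prefix nocache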

Does anyone have any ideas on how I can get HTTPS for my Docker sites?