Security should never be an afterthought, but even if it is, HAProxy has got your back! In this lab, we’re going to get hands-on with HAProxy, using it to secure existing HTTP connections via SSL termination at our HAProxy server. We’re also going to configure HAProxy to redirect HTTP requests to HTTPS so our sites’ guests are gently herded into more secure pastures. Upon completion of the lab, you will be able to secure an HAProxy installation to load balance HTTP/S connections.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Secure Our Sites with SSL/TLS
Let’s secure our
frontendwith SSL/TLS!Perform the following:
- Change the
frontendto bind to port 443 on all addresses.- Configure SSL/TLS, using the
/etc/haproxy/certsdirectory. - Force TLS v1.2.
- Leave the 2
backendsuntouched. - Restart the
haproxyservice. - Perform the following checks with
curl -k: - https://www.site1.com/test.txt
- https://www.site2.com/test.txt
- http://www.site1.com/test.txt
- http://www.site2.com/test.txt
- The first 2 should work, the second 2 will fail.
- Configure SSL/TLS, using the
- Change the
- Redirect HTTP Traffic to HTTPS
The final thing we want to do is to start accepting HTTP traffic again, but we need to force it to HTTPS. This way, if our users make a request using HTTP, we can enforce the use of encryption.
Perform the following:
- Change the
frontendto also bind to port 80 on all addresses, - Create a redirect to force HTTPS, unless the client is already using it,
- Leave the 2
backendsuntouched, - Restart the
haproxyservice, - Perform the following checks with
curl -kL:- https://www.site1.com/test.txt
- https://www.site2.com/test.txt
- http://www.site1.com/test.txt
- http://www.site2.com/test.txt
- All checks should work.
- Change the
