For example, you are using this sample config And get an error: It happens because your backend server uses only h2 (http2) and due to this thread https://www.mail-archive.com/haproxy@formilux.org/msg43261.html you should set the “:authority” pseudo-header It can be done by adding ‘set-uri’ in the config
For SSL in Haproxy you need to create PEM-file and put cert plus private key. But in right order —–BEGIN MY CERTIFICATE—– —–END MY CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN INTERMEDIATE CERTIFICATE—– —–END INTERMEDIATE CERTIFICATE—– —–BEGIN ROOT CERTIFICATE—– —–END ROOT CERTIFICATE—– —–BEGIN RSA PRIVATE KEY—– —–END RSA PRIVATE KEY—–
Оставлю эту картинку тут Источник И небольшая презентация http://www.whd.global/downloads/2014/sStag1d1.pdf
Поддержка SSL появилась в HAProxy 1.5 Эта версия для Ubuntu/Debian доступна с такого репозитория sudo apt-add-repository ppa:vbernat/haproxy-1.5 sudo apt-get update sudo apt-get install haproxy