I’m pretty newb at certificates, but here is what I have and also what I’m trying to do.
I have domain1.com running Wordpress and domain2.com running Nextcloud. I want both services to work over 80 which has the potential to redirect to port 443 for https connections. Since these services are running on separate servers and the same ports, I have HAProxy set up in front of them as a reverse proxy, and it is currently forwarding http traffic to these sites by ACLs. Looking at some sites, I THINK I know what I’m doing in terms of setting up HAProxy, except how to deal with certs for this whole setup. domain1 and domain2 have their own unique certificate. Since I am just forwarding this traffic to whichever server is specified, how do I give HAProxy the proper certificate for the site? Do I have to copy over the certificate from each domain to HAProxy to use? If so, what file would I use?
The server is Ubuntu Server 16.04, and I have Wordpress, Nextcloud and HAProxy running in their own LXC containers.
Do you actually want HAProxy to deal with SSL and certificates at all? Because HAProxy is capable of inspecting the handshake and you could just use SSL pass-through to forward traffic. Check for example this article - https://scriptthe.net/2015/02/08/pass-through-ssl-with-haproxy/
I don’t want it to handle it, I’m just speaking with a lack of knowledge. I’m not sure how well I am following that configuration… His configuration deals with one domain name it seems, so I think I am having redirect problems at this point in the http-in section of the config file. Currently I have 2 redirect lines, which I assume is wrong because here is my http-in:
It seems there is no easy way to have multiple domains inside a single network, especially requiring HTTPS. I have a very simple configuration now that’s different and I can connect to one domain with the proper certificate, but my browser gives a warning saying the connection is not secure. I still can’t connect to my second domain at all.
Well, what does the haproxy log say? Is “domain1.com:443” actually a valid argument for curl? curl seems to expect a URL and domain1.com:443 is not a URL.
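An added example, not part of any post in this thread: a minimal HAProxy configuration for the SSL pass-through approach suggested above, routing two domains by SNI so that each backend keeps its own certificate and HAProxy holds none. The backend names and the 10.0.3.x addresses are assumptions standing in for the two LXC containers.

```haproxy
defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

# Port 80: plain HTTP, routed by Host header. Each backend issues its
# own redirect to https, so no redirect lines are needed here.
frontend http-in
    bind *:80
    mode http
    use_backend wordpress_http if { hdr(host) -i domain1.com }
    use_backend nextcloud_http if { hdr(host) -i domain2.com }

# Port 443: TLS is NOT terminated here. HAProxy only reads the SNI
# field of the ClientHello and forwards the encrypted stream unchanged.
frontend https-in
    bind *:443
    mode tcp
    option tcplog
    # Wait for the ClientHello before making a routing decision.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend wordpress_tls if { req.ssl_sni -i domain1.com }
    use_backend nextcloud_tls if { req.ssl_sni -i domain2.com }
    # No default_backend: clients that send no SNI or an unknown name
    # are not forwarded to either site.

backend wordpress_http
    mode http
    server wp 10.0.3.10:80 check      # assumed container address

backend nextcloud_http
    mode http
    server nc 10.0.3.11:80 check      # assumed container address

# The certificate for each domain stays on its own server.
backend wordpress_tls
    mode tcp
    server wp 10.0.3.10:443 check     # assumed container address

backend nextcloud_tls
    mode tcp
    server nc 10.0.3.11:443 check     # assumed container address
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file for syntax errors before a reload. Because the TLS stream is forwarded unmodified, HAProxy cannot add an `X-Forwarded-For` header, so the backend access logs will show the proxy's address as the client.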