allsparks place

This is an old revision of the document!

https://raymii.org/s/tutorials/haproxy_client_side_ssl_certificates.html

frontend intranet
    mode http
    bind 10.20.30.40:443 ssl crt /etc/haproxy/pem/server.pem ca-file /etc/haproxy/pem/client-chain.pem verify optional crt-ignore-err all crl-file /etc/haproxy/crl/haproxy.pem
    use_backend ssl-error unless { ssl_c_verify 0 }
    use_backend wiki if { ssl_fc_has_crt }
    default_backend helpdesk

backend wiki
    mode http
    server wiki1 10.20.10.10:80 check
    server wiki2 10.20.10.20:80 check

backend ssl-error
    mode http
    server helpdesk1 10.20.20.10:80 check
    server helpdesk2 10.20.20.20:80 check

backend expired
    mode http
    option http-server-close
    redirect location /certificate-expired.html if { ssl_c_verify 10 } ! { path /certificate-expired.html }
    redirect location /certificate-revoked.html if { ssl_c_verify 23 } ! { path /certificate-revoked.html }
    redirect location /other-certificate-error.html unless { ssl_c_verify 0 } ! { path //other-certificate-error.html }
    server helpdesk3 10.20.20.30:80 check

allsparks place

User Tools

Site Tools

**This is an old revision of the document!**

Page Tools

This is an old revision of the document!