====== haproxy ======

===== haproxy with several ssl subdomains =====
Using haproxy with certificates from startssl requires you to create a ''certificate.pem'' file that consists, in order of : 
  - your certificate file
  - your private key

It can be generated easily with this command : 
<code bash>
cat my.certificate.crt my.private.key > my.certificate.pem
</code>

You should then put all your pem files in a single directory and load them all at once using the following ''Binds'' on the ''Frontend'' : 
<code>:5443 ssl crt /path/to/your/ssl/directory ciphers AESGCM+AES128:AES128:AESGCM+AES256:AES256:RSA+RC4+SHA:!RSA+AES:!CAMELLIA:!aECDH:!3DES:!DSS:!PSK:!SRP:!aNULL no-sslv3</code>

Further help can be found on the [[http://cbonte.github.io/haproxy-dconv/configuration-1.5.html|official documentation]]

===== haproxy and wordpress =====
Wordpress needs to know that haproxy terminates the SSL connexion, therefore, you need to add the following ''Option'' to your ''https'' ''Frontend'' :
<code>http-request set-header X-Forwarded-Proto https if { ssl_fc }</code>
This will set a header that you can read in wordpress.
You might need to edit your ''wp-config.php'' file to add the following line (needs to be before the include of ''wp-settings'')
<code php >
 // If the proxy is doing ssl, consider it :
 if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';
</code>