Using haproxy with certificates from startssl requires you to create a certificate.pem
file that consists, in order of :
It can be generated easily with this command :
cat my.certificate.crt my.private.key > my.certificate.pem
You should then put all your pem files in a single directory and load them all at once using the following Binds
on the Frontend
:
:5443 ssl crt /path/to/your/ssl/directory ciphers AESGCM+AES128:AES128:AESGCM+AES256:AES256:RSA+RC4+SHA:!RSA+AES:!CAMELLIA:!aECDH:!3DES:!DSS:!PSK:!SRP:!aNULL no-sslv3
Further help can be found on the official documentation
Wordpress needs to know that haproxy terminates the SSL connexion, therefore, you need to add the following Option
to your https
Frontend
:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
This will set a header that you can read in wordpress.
You might need to edit your wp-config.php
file to add the following line (needs to be before the include of wp-settings
)
// If the proxy is doing ssl, consider it : if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';