Table des matières

haproxy

haproxy with several ssl subdomains

Using haproxy with certificates from startssl requires you to create a certificate.pem file that consists, in order of :

  1. your certificate file
  2. your private key

It can be generated easily with this command :

cat my.certificate.crt my.private.key > my.certificate.pem

You should then put all your pem files in a single directory and load them all at once using the following Binds on the Frontend :

:5443 ssl crt /path/to/your/ssl/directory ciphers AESGCM+AES128:AES128:AESGCM+AES256:AES256:RSA+RC4+SHA:!RSA+AES:!CAMELLIA:!aECDH:!3DES:!DSS:!PSK:!SRP:!aNULL no-sslv3

Further help can be found on the official documentation

haproxy and wordpress

Wordpress needs to know that haproxy terminates the SSL connexion, therefore, you need to add the following Option to your https Frontend :

http-request set-header X-Forwarded-Proto https if { ssl_fc }

This will set a header that you can read in wordpress. You might need to edit your wp-config.php file to add the following line (needs to be before the include of wp-settings)

 // If the proxy is doing ssl, consider it :
 if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';