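# References:
#   https://serversforhackers.com/c/letsencrypt-with-haproxy
#   https://tecadmin.net/how-to-setup-haproxy-load-balancing-on-ubuntu-linuxmint/
#
# Listing of /etc/haproxy/haproxy.cfg, as shown by:
#   root@ecsweb:~# cat /etc/haproxy/haproxy.cfg
#
# Layout: plain HTTP on :80 is balanced across bk_http; :443 is a TCP
# passthrough frontend (TLS is not terminated here, the `ssl crt` bind is
# commented out); a statistics page is served on :8181.
# Validate any change with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # Runtime API socket. `level admin` lets any process that can open the
    # socket (owner/group, mode 660) change server state, so keep the group
    # membership of this socket minimal.
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    # NOTE(review): this list still admits CBC suites and static-RSA key
    # exchange (RSA+AESGCM, RSA+AES), which give no forward secrecy. Compare it
    # with the generator above before enabling an `ssl` bind.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    # `no-sslv3` alone leaves TLS 1.0 and 1.1 enabled; they are disabled here
    # as well. No bind in this file currently uses `ssl`, so this only affects
    # listeners that terminate TLS once one is enabled.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http


# If it detects a LetsEncrypt request, it uses the LE backend
# (the ACL and the backend for this are commented out further down, so no
# request is routed to a LetsEncrypt backend in this version of the file).
frontend ft_http
    bind :80
    mode http
    # Everything on :80 is served over cleartext HTTP by bk_http; there is no
    # redirect to HTTPS in this frontend.
    default_backend bk_http

frontend ft_https
    bind :443
    mode tcp
    default_backend bk_https

    # This is our new config that listens on port 443 for SSL connections
    # bind *:443 ssl crt /etc/ssl/ecsweb.bdcom.com.bd/ecsweb.bdcom.com.bd.pem
    # Redirect if HTTPS is *not* used
    # NOTE(review): this frontend is `mode tcp` and its bind has no `ssl`, so
    # `ssl_fc` cannot be true here and an HTTP redirect cannot be applied to
    # passthrough traffic. HAProxy is expected to warn about, ignore, or reject
    # the rule depending on version. It belongs in an HTTP-mode frontend.
    redirect scheme https code 301 if !{ ssl_fc }


    # Test URI to see if it's a letsencrypt request
    # acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    # use_backend letsencrypt-backend if letsencrypt-acl

    ## default_backend be-scalinglaravel

    ##backend be-scalinglaravel
    ## balance roundrobin

    # NOTE(review): with the `backend be-scalinglaravel` line commented out,
    # the three directives below fall into ft_https. They are HTTP-layer
    # features and have no effect on a TCP passthrough, so backends behind :443
    # never receive X-Forwarded-* headers from this proxy. If the client address
    # is needed there, the PROXY protocol (`send-proxy` on the server line) is
    # the usual alternative when the backend supports it.
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend bk_http
    mode http
    balance roundrobin
    #stick on src table bk_https
    default-server inter 1s
    server ecs.gov.bd ecs.gov.bd:80 check id 1
    server ecs.bdcom.com.bd ecs.bdcom.com.bd:80 check id 2
    #server ecsww.bdcom.com.bd ecsww.bdcom.com.bd:80 check id 3
    #server dns2.bdcom.com dns2.bdcom.com:80 check id 3

backend bk_https
    mode tcp
    balance roundrobin
    # Source-IP stickiness: a client keeps hitting the same server for 30 minutes.
    stick-table type ip size 200k expire 30m
    stick on src
    default-server inter 1s
    # NOTE(review): both server lines are commented out, so this backend has no
    # server and connections accepted on :443 cannot be forwarded anywhere.
    # `verify none` on these lines turns off certificate validation toward the
    # backend. If they are re-enabled, prefer `verify required` with a `ca-file`.
    # server ecsweb.bdcom.com.bd ecsweb.bdcom.com.bd:443 check ssl verify none
    #server prohostnms.bdcom.net prohostnms.bdcom.net:443 check ssl verify none

# for 8181 haproxy panel
listen stats
    # The panel listens on every interface over cleartext HTTP, so the Basic
    # credentials below cross the network unencrypted. Restrict the bind
    # address or the source networks, or serve it behind TLS.
    bind *:8181
    stats enable
    stats uri /
    stats realm Haproxy\ Statistics
    # The password that stood here was published in cleartext with this
    # listing: treat it as compromised, rotate it, and keep the real value out
    # of documentation. Placeholder below.
    stats auth admin:CHANGE_ME_PLACEHOLDER

#backend letsencrypt-backend
# server letsencrypt 127.0.0.1:8888

# See also: [[ Haproxy ACL ]]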