§2024-06-06
- Client ---> HTTPS ---> to HAProxy ---> HTTP ---> BackendServers:
In this setup, HAProxy handles the SSL termination. This means it decrypts the HTTPS traffic from the clients and forwards the requests to the backend servers using HTTP.
- Example configuration snippet:
```
frontend https_frontend
    bind *:443 ssl crt /path/to/your/cert.pem
    default_backend http_backends

backend http_backends
    server backend1 192.168.1.1:80 check
    server backend2 192.168.1.2:80 check
```
- Client ---> HTTPS ---> to HAProxy ---> HTTPS ---> BackendServers:
Here, HAProxy passes through the HTTPS traffic to the backend servers without decrypting it. This is also known as SSL pass-through.
- Example configuration snippet:
```
frontend https_frontend
    bind *:443
    mode tcp
    default_backend https_backends

backend https_backends
    mode tcp
    server backend1 192.168.1.1:443 check
    server backend2 192.168.1.2:443 check
```
- Client ---> HTTPS ---> to HAProxy ---> HTTPS (re-encryption) ---> BackendServers:
In this setup, HAProxy decrypts the HTTPS traffic from the clients, processes it, and then re-encrypts it before sending it to the backend servers.
- Example configuration snippet:
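```
frontend https_frontend
    bind *:443 ssl crt /path/to/your/cert.pem
    default_backend https_backends

backend https_backends
    # "ssl" re-encrypts traffic to the backend. HAProxy verifies the backend
    # certificate by default, which needs a ca-file unless verification is disabled.
    server backend1 192.168.1.1:443 ssl check
    server backend2 192.168.1.2:443 ssl check
```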
Question: what are the differences between the `check`, `ssl check` and `ssl verify none` keywords after the backend server statement?
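The keywords are independent: `check` only turns on health checks, `ssl` encrypts the HAProxy-to-backend connection (health checks included), and `verify none` switches off validation of the backend certificate. The following is an added example, not part of the original notes, that classifies `server` lines on that basis. The sample config, the `backend3` line and the `/path/to/backend-ca.pem` path are constructed, and only options written on the `server` line itself are read.

```python
# Added example: classify HAProxy backend "server" lines by transport security.
# Simplification: default-server lines and other global settings are not modelled.
NOTES = {
    "plaintext": "no 'ssl': traffic and health checks reach the backend unencrypted",
    "tls-unauthenticated": "'ssl verify none': encrypted, backend certificate not validated",
    "tls-missing-ca": "'ssl' with verification on (the default) but no 'ca-file' to validate against",
    "tls-authenticated": "'ssl verify required ca-file': encrypted and validated",
}

def classify_server_line(line, ssl_server_verify_none=False):
    tokens = line.split("#", 1)[0].split()      # drop trailing comments
    if len(tokens) < 3 or tokens[0] != "server":
        return None                             # not a server line
    opts = tokens[3:]
    # Verification defaults to "required" unless the global section
    # sets "ssl-server-verify none".
    verify = "none" if ssl_server_verify_none else "required"
    if "verify" in opts[:-1]:
        verify = opts[opts.index("verify") + 1]
    if "ssl" not in opts:
        level = "plaintext"
    elif verify == "none":
        level = "tls-unauthenticated"
    elif "ca-file" in opts:
        level = "tls-authenticated"
    else:
        level = "tls-missing-ca"
    return {"name": tokens[1], "addr": tokens[2], "check": "check" in opts, "level": level}

def audit(cfg_text, ssl_server_verify_none=False):
    results = (classify_server_line(l, ssl_server_verify_none) for l in cfg_text.splitlines())
    return [r for r in results if r]

# Constructed sample built from the snippets above; backend3 and its CA path
# are placeholders added for comparison.
SAMPLE = """
backend http_backends
    server backend1 192.168.1.1:80 check
backend https_backends
    server backend1 192.168.1.1:443 ssl check
    server backend2 192.168.1.2:443 ssl verify none check
    server backend3 192.168.1.3:443 ssl verify required ca-file /path/to/backend-ca.pem check
"""

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f"{r['name']:9} {r['addr']:17} check={r['check']!s:5} {NOTES[r['level']]}")
```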
This is my partial haproxy.cfg running on munetaka.me
```
# Caddy Server
frontend front_https_caddy_h2jammy_43889
    bind *:43889 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_https_caddy_h2jammy_43889

backend back_https_caddy_h2jammy_43889
    # with ssl verify none, this causes 503 Service Unavailable
    server h2jammy_server h2Jammy.yushei.net:43889 check
```
While https://h2Jammy.yushei.net:43889 is working, https://munetaka.me:43889 gets "Client sent an HTTP request to an HTTPS server."
This is my partial haproxy.cfg running on munetaka.me
```
# 2024-06-05 add nextCloud
frontend front_https_nextCloud_45101
    bind *:45101 ssl crt /etc/letsencrypt/live/munetaka.me/haproxy.pem
    default_backend back_http_nextCloud_45101

backend back_http_nextCloud_45101
    server nextcloud_server hc4Noble.yushei.net:45101 check
```
http://hc4Noble.yushei.net:45101 is c