1. Create .pem files for each domain of key, crt, and intermediate cert (if any):
sudo cat DOMAIN.key DOMAIN.crt CRT_intermediate_sha2_sha1root.crt > dom1.pem
2. Edit haproxy file and have list of domain.pem files bound to port 443. Note: you also need mode=http, some variants shown
defaults
mode http
...
frontend webfarm443
bind *:443 ssl crt /etc/ssl/dom1/dom1.pem
crt /etc/ssl/dom2/dom2.pem
crt /etc/ssl/dom3/dom3.pem
# map host names to backends
#Domain1
acl host_dom1 hdr(host) -i DOMAIN1
acl host_dom1w hdr(host) -i www.DOMAIN1
use_backend DOM1_443 if host_dom1 or host_dom1w
#Domain2
acl host_dom2 hdr(host) -i DOMAIN2
acl host_dom2 hdr(host) -i www.DOMAIN2
use_backend DOM2_443 if host_dom2
#Domain3
acl host_dom3 hdr_dom(host) -i DOMAIN3
use_backend DOM3 if host_dom3
3. Test config:
sudo haproxy -c -f /etc//haproxy.cfg
- Log in to post comments