# Install HAProxy from the distribution repositories; -y answers yum's
# confirmation prompt, so the package set is accepted without review.
$ yum -y install haproxy
# Register the service to start at boot. The `service` output further down this
# page shows a systemd host, where chkconfig presumably hands the request on to
# systemctl (confirm on the target system).
$ chkconfig haproxy on
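# Obtain two Let's Encrypt certificates with the manual DNS challenge: one for
# the wildcard name and one for the bare domain. certbot pauses and prints a
# TXT record that must be published in DNS before it continues.
$ yum install -y certbot
# The wildcard is quoted so the shell hands it to certbot literally instead of
# trying filename expansion on it.
$ certbot -d '*.example.com' --manual --preferred-challenges dns certonly --server https://acme-v02.api.letsencrypt.org/directory
$ certbot -d example.com --manual --preferred-challenges dns certonly --server https://acme-v02.api.letsencrypt.org/directory
# HAProxy's `crt` takes the certificate chain and the private key in one PEM
# file. Each target is first created empty with mode 0600, so the private key
# never lands in a file other local users can read; `>` then writes into the
# existing file and keeps that mode.
# The live/ directory names are the ones given on this page; `certbot
# certificates` lists which lineage holds which name.
$ install -m 600 /dev/null /etc/haproxy/star.example.com.pem
$ cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem > /etc/haproxy/star.example.com.pem
$ install -m 600 /dev/null /etc/haproxy/example.com.pem
$ cat /etc/letsencrypt/live/example.com-0001/fullchain.pem /etc/letsencrypt/live/example.com-0001/privkey.pem > /etc/haproxy/example.com.pem
# Certificates issued with --manual and no --manual-auth-hook cannot renew
# unattended. After every renewal the two combined files have to be rebuilt and
# HAProxy reloaded, otherwise it keeps serving the old certificate until expiry.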
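# TLS-terminating frontend: accepts HTTPS on every interface and forwards the
# decrypted requests to the backend pool below.
frontend ft_ssl_vip
    # Two certificates are loaded; HAProxy selects by SNI and falls back to the
    # first `crt` when no name matches.
    # NOTE(review): this bind line sets no protocol or cipher restrictions, so
    # they come from whatever ssl-default-bind-options / ssl-default-bind-ciphers
    # the global section defines (not shown here) - confirm legacy protocol
    # versions are disabled there.
    bind 0.0.0.0:443 ssl crt /etc/haproxy/star.example.com.pem crt /etc/haproxy/example.com.pem
    default_backend server_pool_backend

# Backend pool. Traffic from HAProxy to the nodes is plain HTTP on port 80, so
# that network segment has to be trusted.
backend server_pool_backend
    mode http
    option http-server-close
    # Appends the client address as X-Forwarded-For. Headers of that name sent
    # by the client are not removed, so the nodes should rely only on the value
    # HAProxy appended.
    option forwardfor
    # Redirects requests that did not arrive over TLS. The frontend shown here
    # binds only port 443, so this rule applies only if a plain-HTTP listener
    # defined elsewhere also uses this backend.
    redirect scheme https if !{ ssl_fc }
    # Health-checked nodes: marked down after 3 failed checks, up again after 2
    # successful ones. The second entry originally reused the name server_node1;
    # server names must be distinct within a backend, so it is server_node2.
    server server_node1 server1:80 check fall 3 rise 2
    server server_node2 server2:80 check fall 3 rise 2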
# Validate the configuration file before touching the running service; -c only
# checks the file and exits.
$ haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid
# A stop followed by a start closes the listener in between, so clients see a
# short outage while the new configuration and certificates are loaded.
$ service haproxy stop
$ service haproxy start
$ service haproxy status
Redirecting to /bin/systemctl status haproxy.service
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-08-12 23:04:33 BST; 1 day 22h ago
 Main PID: 3547 (haproxy-systemd)
   CGroup: /system.slice/haproxy.service
           ├─3547 /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
           ├─3549 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
           └─3550 /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
# End-to-end check of both names. curl verifies the certificate chain and the
# host name unless told otherwise, so a normal response (printed with headers
# by -i) also confirms that a matching certificate was presented for each name.
$ curl -i https://www.example.com
$ curl -i https://example.com