Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

setting up ssl on haproxy and apache

I have two haproxy and 3 controller nodes for OpenStack Mitaka. I configure haproxy ssl key for dashboard and ceilometr in following way, but it is failed:

key : cat server.crt server.key > server.pem

key pass: /etc/pki/haproxy/server.pem

Both haproxy conf:

listen dashboard_cluster    
  bind x.x.x.250:80
  bind x.x.x.250:443 ssl crt /etc/pki/haproxy/haproxy.pem
  reqadd X-Forwarded-Proto:\ https
  redirect scheme https if !{ ssl_fc }
  balance  source
  mode http
  cookie  SERVERID insert indirect nocache
  option  tcpka
  option  httpchk
  option  tcplog
  option forwardfor
  option  httpclose
  server controller-one y.y.y..227:80 check inter 2000 rise 2 fall 5
  server controller-two y.y.y.y.228:80 cookie check inter 2000 rise 2 fall 5
  server controller-three y.y.y.229:80 cookie check inter 2000 rise 2 fall 5


listen ceilometer_api_cluster
 bind x.x.x.250:8777 ssl crt /etc/pki/haproxy/haproxy.pem
 reqadd X-Forwarded-Proto:\ https
 balance  source
 mode http
 option  tcpka
 option  tcplog
 option  httpchk
 option  httpclose
 server controller-one x.x.x.227:8777 check inter 2000 rise 2 fall 5
 server controller-two x.x.x.228:8777 check inter 2000 rise 2 fall 5
 server controller-three x.x.x.229:8777 check inter 2000 rise 2 fall 5

what is the problem??!!

setting up ssl on haproxy and apache

I have two haproxy and 3 controller nodes for OpenStack Mitaka. I configure haproxy ssl key for dashboard and ceilometr in following way, but it is failed:

key : cat server.crt server.key > server.pem

key pass: /etc/pki/haproxy/server.pem

Both haproxy conf:

listen dashboard_cluster    
  bind x.x.x.250:80
  bind x.x.x.250:443 ssl crt /etc/pki/haproxy/haproxy.pem
/etc/pki/haproxy/server.pem
  reqadd X-Forwarded-Proto:\ https
  redirect scheme https if !{ ssl_fc }
  balance  source
  mode http
  cookie  SERVERID insert indirect nocache
  option  tcpka
  option  httpchk
  option  tcplog
  option forwardfor
  option  httpclose
  server controller-one y.y.y..227:80 check inter 2000 rise 2 fall 5
  server controller-two y.y.y.y.228:80 cookie check inter 2000 rise 2 fall 5
  server controller-three y.y.y.229:80 cookie check inter 2000 rise 2 fall 5


listen ceilometer_api_cluster
 bind x.x.x.250:8777 ssl crt /etc/pki/haproxy/haproxy.pem
/etc/pki/haproxy/server.pem
 reqadd X-Forwarded-Proto:\ https
 balance  source
 mode http
 option  tcpka
 option  tcplog
 option  httpchk
 option  httpclose
 server controller-one x.x.x.227:8777 check inter 2000 rise 2 fall 5
 server controller-two x.x.x.228:8777 check inter 2000 rise 2 fall 5
 server controller-three x.x.x.229:8777 check inter 2000 rise 2 fall 5

what is the problem??!!