Configruation of a HAProxy for different subdomains and SSL Termination

HAProxy started in 2000 and is, besides Apache, one of the main reverse proxies and load balancer. The basic config, I would like to show here, is called haproxy.cfg. It includes the support of subdomains but no load balancing. Subdomains are located in front of the top and second-level-domain. For example, the en of https://en.wikipedia.org/ is a subdomain.

Starting with the config with the standard timeouts and location of the:

The next block contains the frontend stats. This part is optional. It requires the accessiblility to this port and allows the access to a panel with some stats via the browser

Now starts the fun, the definition of the mode and the ports, through which the traffic enters. In this case we bind to port 80 for normal http requests. The second port, we bind is port 443. It is used for SSL traffic, which can be identified by the s in https. To allow https we must provide the respective certificates, which can be obtained for example from letsencrypt.com. In this case the default path is given to the certificates in a docker container including the name of the certificate. Multiple certificates can be concatenated with the keyword crt.

In the last step of this part, we redirect all traffic, which arrives on without https to https to ensure a save connection

The next step is the splitting of the incoming traffic based on the subdomains test1 and test2 on the docker container in the network. Therefore ACL (Access Control List) must be defined. The second step includes the mapping to a backend. The first rule, which is true will be applied. Therefore, the fallback httpd is defined at the ending. Finally, the definition of the backends is shown.