Install HAProxy & CertBot (LetsEncrypt)

Install HAProxy

Install HAProxy v2.4 with the following commands:

sudo add-apt-repository -y ppa:vbernat/haproxy-2.4
sudo apt update
sudo apt install -y haproxy

Edit the HAProxy configuration with this command:

sudo nano /etc/haproxy/haproxy.cfg

Inside the configuration, leave the global and defaults sections as they are, but add frontends for stats and normal web access, along with the backends they use:

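frontend stats
        # Listens on every interface over plain HTTP, so the stats auth
        # credentials below are sent unencrypted
        bind *:8080
        stats enable
        stats uri /
        stats refresh 10s
        stats show-modules
        no log
        stats auth admin:<admin password>
        # Admin actions (e.g. enabling/disabling servers) are allowed for every authenticated user
        stats admin if TRUE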

frontend http_fe
        bind *:80
        bind *:443 ssl crt /etc/ssl/private

        # The following redirect for non-https traffic breaks if used with Cloudflare Flexible Encryption
        redirect scheme https code 301 if !{ ssl_fc }

        # Test URI to see if it's a LetsEncrypt request
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend certbot_be if letsencrypt-acl

        # <Name of website or any comment>
        acl <acl_name> hdr_beg(host) -i <domain_prefix>.
        use_backend <backend_name> if <acl_name>

        default_backend <backend_name>

backend <backend_name>
        balance roundrobin

        option httpchk HEAD /

        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        
        default-server check maxconn 20
        server <server_name> <server_ip>:<server_port>

backend certbot_be
        server certbot 127.0.0.1:8888
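
A check for the stats frontend above, as an added example that is not part of the original page: it scans an haproxy.cfg and flags stats listeners whose basic-auth password would travel in cleartext on a non-loopback bind, and those that grant admin actions with `stats admin if TRUE`. The function name `audit_haproxy_stats`, the flag names and the `stats_local` frontend are assumptions made for this illustration.

```bash
# Added example: audit haproxy.cfg for risky stats listeners.
# For each frontend/listen section containing "stats enable", report:
#   NON_LOOPBACK_CLEARTEXT  a bind that is not loopback/unix socket and lacks "ssl"
#   ADMIN_TRUE              "stats admin if TRUE" (any authenticated user is admin)
audit_haproxy_stats() {
    awk '
    function report(   f) {
        if (!tracked || !stats) return
        f = ""
        if (exposed) f = f " NON_LOOPBACK_CLEARTEXT"
        if (admin)   f = f " ADMIN_TRUE"
        if (f != "") print name ":" f
    }
    { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indentation
    $1 ~ /^(global|defaults|frontend|backend|listen|userlist|peers|resolvers)$/ {
        report()                             # a new section starts: flush the last one
        name = $1 " " $2
        tracked = ($1 == "frontend" || $1 == "listen")
        stats = exposed = admin = 0
        next
    }
    $1 == "bind" {
        has_ssl = 0
        for (i = 3; i <= NF; i++) if ($i == "ssl") has_ssl = 1
        if (!has_ssl && $2 !~ /^(127\.|localhost:|\[::1\]|::1:|\/|unix@)/) exposed = 1
    }
    $1 == "stats" && $2 == "enable" { stats = 1 }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" { admin = 1 }
    END { report() }
    ' "$1"
}
# Constructed sample input: the stats frontend from this page (placeholder
# password) next to a hypothetical loopback-only variant with a scoped admin ACL.
sample_cfg() {
    cat <<'EOF'
frontend stats
        bind *:8080
        stats enable
        stats auth admin:<admin password>
        stats admin if TRUE

frontend stats_local
        bind 127.0.0.1:8081
        stats enable
        acl from_lo src 127.0.0.1
        stats admin if from_lo
EOF
}
tmp=$(mktemp) && sample_cfg > "$tmp" && audit_haproxy_stats "$tmp"; rm -f "$tmp"
```

Run it against the real file with `audit_haproxy_stats /etc/haproxy/haproxy.cfg`; no output means no stats section matched either flag.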

Upgrade HAProxy

If you ever need to upgrade to a newer version, check the following site to see whether that version is available:

https://launchpad.net/~vbernat/+ppa-packages

If it is, use the commands above, substituting the appropriate version, to add the newer version's repository and upgrade HAProxy. Once HAProxy is upgraded and verified working, use the following command to remove the old version's repository (again substituting the old version number):

sudo add-apt-repository --remove ppa:vbernat/haproxy-2.3

Install CertBot (LetsEncrypt)

Install Certbot with the following commands:

sudo add-apt-repository -y ppa:certbot/certbot
sudo apt update
sudo apt install -y certbot