1.Create ssl certificate
openssl req \
-new \
-newkey rsa:4096 \
-days 365 \
-nodes \
-x509 \
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=example.com" \
-keyout example.com.key \
-out example.com.crt2. Create pem from above key and cert
cat example.com.crt example.com.key > example.com.pem2.update haproxy.cfg
global
daemon
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
userlist http_basic_users
group http_basic_users
user admin insecure-password Your_Password groups http_basic_users
frontend http-in
bind *:80
acl example_acl hdr(host) -i example.initedit.com
use_backend example_back if example_acl
backend example_back
acl draw-auth http_auth(http_basic_users)
http-request auth realm draw unless draw-auth
server server1 192.168.0.150:8080
frontend https-in
bind *:8889 ssl crt /usr/local/etc/haproxy/ssl/example.com.pem
http-request redirect scheme https unless { ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
acl example_acl hdr(host) -i example.com
use_backend example_back if example_acl
backend example_back
server server1 192.168.0.97:8443 check ssl verify noneMore :
https://gist.github.com/Iristyle/5005653
https://serverfault.com/questions/239749/possible-to-add-basic-http-access-authentication-via-haproxy