HAProxy Configuration Guide

Notes on configuring HAProxy for SSL termination, timeouts, and basic routing.

Documentation

Official Onepage Guide
HAProxy 2.2 Configuration Manual
Pre-defined ACLs

Essential Sections

The Four Essential Sections of an HAProxy Configuration
Tuning Timeouts (ServerFault)

SSL Configuration

HAProxy SSL Termination Blog
Mozilla SSL Configuration Generator

Example Front-end with SSL

global
    ssl-default-bind-options ssl-min-ver TLSv1.2

frontend www.mysite.com
    bind 10.0.0.3:80
    # Enforce minimum TLS version
    bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem ssl-min-ver TLSv1.2

    # Redirect HTTP to HTTPS
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers

Access Control (ACL)

Custom Methods

How to define allowed HTTP methods in HAProxy

acl valid_method method GET HEAD
http-request deny if ! valid_method

# Routing by host
acl is-draw hdr_dom(host) -i draw.example.org
use_backend web-draw-production if is-draw

capture.req.method: Capture request method in logs.

Documentation​

Essential Sections​

SSL Configuration​

Example Front-end with SSL​

Access Control (ACL)​

Custom Methods​

Documentation

Essential Sections

SSL Configuration

Example Front-end with SSL

Access Control (ACL)

Custom Methods