Setup HTTPS on HAProxy

This document setup HAProxy as load balancer.

In frontend (codimd-http) we setup as SSL offloader and redirect http protocol to https. Then pass traffics to CodiMD backend.

In backend (codimd-servers) we setup health checker for CodiMD service. it check http://127.0.0.1:3000/status and expect to get status 200 if service is working perfectly.

Configuration Example

Below is a part of configuration example in /etc/haproxy/haproxy.cfg

frontend codimd-http
	bind :80
	bind :443 ssl crt /etc/certs/md.example.com/certs.pem alpn h2,http/1.1
	mode http
	# redirect http -> https
	redirect scheme https if !{ ssl_fc }
	# add proxy header 
	option forwardfor
	http-request add-header X-Forwarded-Proto https if { ssl_fc }
	default_backend codimd-servers

backend codimd-servers
	# config health check
	option httpchk GET /status
	http-check expect status 200
	server codimd-docker-server 127.0.0.1:3000 check inter 2000 fastinter 1000 downinter 1000