HAProxy Enterprise Documentation 1.8r2
Encrypt traffic
You can implement mutual TLS/SSL authentication and encrypt traffic between HAProxy Enterprise nodes and the Stick Table Aggregator, or between intermediate and top-level aggregators.
As an example, we will encrypt traffic between the HAProxy Enterprise nodes and the Stick Table Aggregator in the single-level configuration we created in the Single-level setup section.
Note
This section builds upon the single-level setup section. Please read the Single-level setup section first.
The table below shows which certificates should be hosted on the HAProxy Enterprise cluster nodes and the aggregator:
Certificate | Description | Located on |
ca.crt | Intermediate CA or Root CA certificate. | Stick Table Aggregator and all HAProxy Enterprise nodes |
aggr1.pem | Stick Table Aggregator's CA-signed PEM-formatted TLS/SSL bundle (contains both the certificate and the private key, in this order). | Stick Table Aggregator |
hapee1.pem | HAProxy Enterprise node's CA-signed PEM-formatted TLS/SSL bundle (contains both the certificate and the private key, in this order). | HAProxy Enterprise node hapee1 |
hapee2.pem | HAProxy Enterprise node's CA-signed PEM-formatted TLS/SSL bundle (contains both the certificate and the private key, in this order). | HAProxy Enterprise node hapee2 |
Warning
The certificates contain secret keys. Copy all certificates to the machines which need them over a secure channel.
Next up
Manage the service