Knowledge Base | SSL
Redirect HTTP to HTTPS with HAProxy
Use the HAProxy load balancer to redirect users from HTTP to HTTPS automatically. For decades, our lives have become increasingly dependent on sending and receiving data from across the Internet. Now, with more people working, studying, and hanging with friends...
Become FIPS Compliant with HAProxy Enterprise on Red Hat Enterprise Linux 8
Guarantee strong encryption by enabling 'FIPS mode' with RHEL and HAProxy Enterprise. SSL and its successor TLS are protocols that safeguard web traffic as it crosses the Internet, encrypting communication and protecting it from tampering. However, the...
Dynamic SSL Certificate Storage in HAProxy
Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and...
HAProxy SSL Termination
The HAProxy load balancer provides high-performance SSL termination, allowing you to encrypt and decrypt traffic. You can quickly and easily enable SSL/TLS encryption for your applications by using HAProxy SSL termination. HAProxy is compiled with OpenSSL, which...
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAProxy Enterprise comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
TLS 1.3 and 0-RTT in HAProxy
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network. It has been in widespread use on the Internet for various services, such as e-commerce, web browsing, and instant messaging. TLS has also been made...
SSL Client Certificate Information in HTTP Headers and Logs
HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing was missing in the article,...
SSL Offloading Impact on Web Applications
SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called "SSL offloading", because you offload this...
SSL Client Certificate Management at Application Level
HAProxy and SSL The history of SSL in HAProxy is very short: around one month ago, we announced the ability for HAProxy to offload SSL from the servers. HAProxy SSL stack comes with some advanced features like TLS extension SNI. Well, since yesterday afternoon...
Enhanced SSL Load Balancing with Server Name Indication (SNI) TLS Extension
Synopsis Some time ago, we wrote an article which explained how to load-balance SSL services, maintaining affinity using the SSLID. The main limitation of this kind of architecture is that you must dedicate a public IP address and port per service. If you're hosting...
