Configure HAProxy SSL Passthrough

This quick guide explains how to install HAProxy with SSL passthrough on a Centos/Rocky 8 OS. This is specific to a NSX-T Manager install but can be used/tweaked for any environment

Install HA proxy

dnf install haproxy

Configure haproxy with front and back end servers

vi /etc/haproxy/haproxy.cfg

Add following entries

frontend nsxmgr_frontend  
 bind *:443
 mode tcp
 option tcplog
 default_backend nsx_managers


backend nsx_managers
 mode tcp
 balance source
 server svr_nsx01 192.9.36.1:443 check
 server svr_nsx02 192.9.36.2:443 check
 server svr_nsx03 192.8.36.1:443 check

Note: I was able to use balance source in the options as all sources will come from different IPs. This became a particular issue when using round robin as sessions would try to hit another endpoint (nsx manager) and not be authenticated

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Share this: