HAProxy and HTTPS and SNI

 Uncategorized  No Responses »
Jan 092017
 

One problem for using HTTPS was in the past that sharing DNS names with one web server was not supported. HTTP can handle this for longer.

However HTTPS also supports virtual HTTPS servers: SNI does that.

And here is how to use it with HAProxy:

frontend https-in 
        bind *:443 ssl crt /etc/haproxy/ssl/private/ 
        reqadd X-Forward-Proto:\ https 
        acl is_site1 hdr_end(host) -i www1.qw2.org 
        acl is_site2 hdr_end(host) -i www2.qw2.org 
        use_backend site1 if is_site1 
        use_backend site2 if is_site2

All the magic is in the bind line where a directory with PEM certificates (concat of fullchain.cer and the key)

Now you can have https for everything and HAProxy will handle all the secure connectivity for you.

BoxBackup Client & systemd

 Uncategorized  No Responses »
Jan 092017
 

To run boxbackup on a system which uses systemd, use this little systemd service file (taken from here and modified for Ubuntu):

# /etc/systemd/system/boxclient.service
# This service file runs an Box Backup daemon that runs backups on demand.

[Unit]
Description=Box Backup Client
Wants=network.target
After=network.target

[Service]
ExecStart=/usr/bin/bbackupd -F -c /etc/boxclient/bbackupd.conf
KillMode=process
Restart=always

[Install]
WantedBy=multi-user.target

Enable and start via

systemctl enable boxclient.service
systemctl start boxclient.service
 Posted by at 17:40  Tagged with: