Skip to main content
Skip table of contents

HAProxy Configuration Guide

This guide walks you through setting up an HAProxy reverse proxy on Ubuntu 22.04 with:

  • A path-based reverse proxy where yourwebiste.com/hash points to hash.yourwebsite.com

  • HTTPS support using Let’s Encrypt via Certbot and a standalone method

Prerequisites

  • A server running Ubuntu 22.04

  • A registered domain name (e.g., yourwebsite.com)

  • DNS A record pointing yourwebsite.com to your server’s IP

Step 1: Install HAProxy

CODE 
sudo apt update
sudo apt install haproxy -y

Enable and start the HAProxy service:

CODE 
sudo systemctl enable haproxy
sudo systemctl start haproxy

Step 2: Install Certbot (Let’s Encrypt Client)

CODE 
sudo apt install certbot -y

Step 3: Generate SSL Certificate with Certbot (Standalone)

Temporarily stop HAProxy to allow Certbot to bind to port 80:

CODE 
sudo systemctl stop haproxy

Run Certbot with the standalone plugin:

CODE 
sudo certbot certonly --standalone -d yourwebsit.com

After success, your certificate will be in:

CODE 
/etc/letsencrypt/live/yourwebsite.com/fullchain.pem
/etc/letsencrypt/live/yourwebsite.com/privkey.pem

Restart HAProxy:

CODE 
sudo systemctl start haproxy

Step 4: Configure HAProxy

Edit the HAProxy config file:

CODE 
sudo nano /etc/haproxy/haproxy.cfg

Example configuration:

CODE 
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers PROFILE=SYSTEM

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend http-in
    bind *:80
    redirect scheme https if !{ ssl_fc }

frontend https-in
    bind *:443 ssl crt /etc/letsencrypt/live/yoursite/yoursite.pem
    mode http

    acl is_hash path_beg /hash
    use_backend hash_backend if is_hash
    default_backend your_website_backend

backend hash_backend
    mode http
    http-request set-path "%[path,regsub(^/hash, /)]"
    http-request set-header Host hash.yoursite.com
    server apache_server hash.yoursite.com:443 ssl verify none


backend your_website_backend
    server apache_server 127.0.0.1:8080 check

Check the config:

CODE 
sudo haproxy -c -f /etc/haproxy/haproxy.cfg

Reload HAProxy:

CODE 
sudo systemctl reload haproxy

Step 5: Verify Setup

Visit:

CODE 
https://yoursite.com/hash/

It should forward the request to:

CODE 
http://hash.yoursite.com/

Step 6: Auto-Renew Certificates

Edit the crontab:

CODE 
sudo crontab -e

Add the following to renew and reload HAProxy every 12 hours:

CODE 
0 */12 * * * systemctl stop haproxy && certbot renew --quiet && systemctl start haproxy

Conclusion

You now have:

  • HAProxy running on Ubuntu 22.04

  • HTTPS via Let’s Encrypt

  • Reverse proxy from site.com/x to x.site.com

If you have any questions or feedback, please open a request on our Helpdesk.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close