Setup TLS Offloading & PROXY Protocol for HAProxy and NGINX
HAProxy
Installation
brew install haproxy
Configuration
cat /etc/haproxy/haproxy.cfg
# HAProxy config
global
    ulimit-n 500000
    maxconn 99999
    maxpipes 99999
    tune.maxaccept 500
    log stdout local0
    log stdout local1 notice

defaults
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    timeout tunnel 1h

frontend hivemq.mbp.local
    # TLS terminates here; "verify optional" requests a client certificate but does not require one
    bind 127.0.0.1:8888 ssl crt /etc/haproxy/MBP.pem ca-file /etc/haproxy/rootCA.crt verify optional
    mode tcp
    default_backend hivemq

backend hivemq
    mode tcp
    # Plain TCP to the broker, prefixed with a PROXY protocol v2 header carrying SSL info and the client certificate CN
    server mqtt1 127.0.0.1:1883 send-proxy-v2-ssl-cn
Note
Optionally, the server line can use send-proxy-v2-ssl, send-proxy-v2 or send-proxy, and proxy-v2-options with any of: ssl, cert-cn, ssl-cipher, cert-sig, cert-key, authority, crc32c, unique-id.
See https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#5.2-proxy-v2-options
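Because the frontend uses verify optional, a client can complete the TLS handshake without a certificate, so whatever reads the PROXY v2 header sent by send-proxy-v2-ssl-cn should trust the CN only when the SSL TLV reports a presented and verified certificate. The parser below is an added example, not part of the original page or of HAProxy or HiveMQ; the function names and the sample header (address 192.0.2.10, CN device-42) are constructed, and it handles only TCP over IPv4.

```python
import socket
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY protocol v2 signature
PP2_TYPE_SSL, PP2_SUBTYPE_SSL_CN = 0x20, 0x22
PP2_CLIENT_SSL, PP2_CLIENT_CERT_CONN, PP2_CLIENT_CERT_SESS = 0x01, 0x02, 0x04

def tlvs(buf):
    """Yield (type, value) from a run of type(1) / length(2) / value records."""
    while buf:
        if len(buf) < 3:
            raise ValueError("truncated TLV header")
        t, n = struct.unpack("!BH", buf[:3])
        if len(buf) < 3 + n:
            raise ValueError("truncated TLV value")
        yield t, buf[3:3 + n]
        buf = buf[3 + n:]

def verified_cn(header):
    """Return (src_ip, cn); cn is None unless a client cert was presented and verified."""
    if len(header) < 16 or header[:12] != SIG:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack("!BBH", header[12:16])
    if ver_cmd != 0x21 or fam != 0x11:  # v2 PROXY command, TCP over IPv4
        raise ValueError("only PROXY command over TCP/IPv4 is handled here")
    body = header[16:16 + length]
    if len(body) != length or length < 12:
        raise ValueError("truncated header")
    src = socket.inet_ntoa(body[:4])
    for t, v in tlvs(body[12:]):  # TLVs follow the 12 address/port bytes
        if t != PP2_TYPE_SSL or len(v) < 5:
            continue
        client, verify = struct.unpack("!BI", v[:5])
        # verify == 0 means the certificate was presented and successfully verified
        has_cert = client & (PP2_CLIENT_CERT_CONN | PP2_CLIENT_CERT_SESS)
        trusted = bool(client & PP2_CLIENT_SSL) and bool(has_cert) and verify == 0
        for st, sv in tlvs(v[5:]):
            if st == PP2_SUBTYPE_SSL_CN and trusted:
                return src, sv.decode("utf-8")
    return src, None

def build(client, verify, cn):
    """Constructed sample header, shaped like what the backend receives."""
    ssl = struct.pack("!BI", client, verify) + struct.pack("!BH", PP2_SUBTYPE_SSL_CN, len(cn)) + cn
    body = socket.inet_aton("192.0.2.10") + socket.inet_aton("127.0.0.1")
    body += struct.pack("!HH", 50000, 1883) + struct.pack("!BH", PP2_TYPE_SSL, len(ssl)) + ssl
    return SIG + struct.pack("!BBH", 0x21, 0x11, len(body)) + body

if __name__ == "__main__":
    print(verified_cn(build(0x03, 0, b"device-42")))  # cert presented and verified
    print(verified_cn(build(0x01, 1, b"device-42")))  # TLS only, CN must not be trusted
```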
Run
NGINX
Installation
Configuration
Run