Setup TLS Offloading & PROXY Protocol for HAProxy and NGINX

HAProxy

Installation

brew install haproxy

Configuration

cat /etc/haproxy/haproxy.cfg
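#HA Proxy Config
global
    ulimit-n 500000
    maxconn 99999
    maxpipes 99999
    tune.maxaccept 500
    log stdout local0
    log stdout local1 notice

defaults
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    timeout tunnel 1h

frontend hivemq.mbp.local
    # Terminate TLS here; a client certificate is requested but not required
    bind 127.0.0.1:8888 ssl crt /etc/haproxy/MBP.pem ca-file /etc/haproxy/rootCA.crt verify optional
    mode tcp
    default_backend hivemq

backend hivemq
    # The backend needs its own "mode tcp": defaults sets no mode, so it would otherwise be http
    mode tcp
    # Prepend a PROXY v2 header carrying the TLS info and the client certificate CN
    server mqtt1 127.0.0.1:1883 send-proxy-v2-ssl-cn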

Note

Optionally, you can add:

send-proxy-v2-ssl
send-proxy-v2
send-proxy
proxy-v2-options ssl,cert-cn,ssl-cipher,cert-sig,cert-key,authority,crc32c,unique-id

See https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#5.2-proxy-v2-options
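
With send-proxy-v2-ssl-cn, the service on 127.0.0.1:1883 receives a PROXY v2 header ahead of the MQTT bytes, and because the bind line uses verify optional, that header may or may not carry a verified client CN. The following is an added example, not part of the original page and not HAProxy or HiveMQ code: a minimal Python parser for a TCP/IPv4 PROXY v2 header that returns the CN only when the SSL TLV says a certificate was presented and verified. The build helper, its addresses and the CN value are constructed sample data.

```python
import socket
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte PROXY v2 signature
PP2_TYPE_SSL, PP2_SUBTYPE_SSL_CN = 0x20, 0x22
PP2_CLIENT_SSL, PP2_CLIENT_CERT_CONN = 0x01, 0x02

def tlvs(buf):
    """Yield (type, value) pairs from a TLV vector, rejecting truncated entries."""
    i = 0
    while i < len(buf):
        n = int.from_bytes(buf[i + 1:i + 3], "big")  # 2-byte big-endian length
        if i + 3 + n > len(buf):  # also catches a cut-off 3-byte TLV header
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 3:i + 3 + n]
        i += 3 + n

def parse_proxy_v2(data):
    """Parse a TCP/IPv4 PROXY v2 header into source address and TLS client info."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, family, length = struct.unpack_from("!BBH", data, 12)
    if ver_cmd != 0x21 or family != 0x11:  # v2 PROXY command, TCP over IPv4
        raise ValueError("unsupported command or address family")
    body = data[16:16 + length]
    if len(body) != length or length < 12:
        raise ValueError("truncated header")
    src, _dst, sport, _dport = struct.unpack_from("!4s4sHH", body)
    info = {"src": (socket.inet_ntoa(src), sport), "tls": False, "cn": None}
    for t, v in tlvs(body[12:]):
        if t != PP2_TYPE_SSL or len(v) < 5:
            continue
        client, verify = struct.unpack_from("!BI", v)
        info["tls"] = bool(client & PP2_CLIENT_SSL)
        # Accept the CN only if a cert was presented on this connection and verify == 0
        if client & PP2_CLIENT_CERT_CONN and verify == 0:
            for st, sv in tlvs(v[5:]):
                if st == PP2_SUBTYPE_SSL_CN:
                    info["cn"] = sv.decode("utf-8")
    return info

def build(client, verify, cn=b""):
    """Build a sample header (constructed test data, not a capture)."""
    sub = bytes([PP2_SUBTYPE_SSL_CN]) + struct.pack("!H", len(cn)) + cn if cn else b""
    ssl = struct.pack("!BI", client, verify) + sub
    body = socket.inet_aton("192.0.2.10") + socket.inet_aton("127.0.0.1")
    body += struct.pack("!HH", 50000, 8888)
    body += bytes([PP2_TYPE_SSL]) + struct.pack("!H", len(ssl)) + ssl
    return SIG + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```

A listener that parses this header should accept connections only from the proxy's address, since anything able to reach the port directly can supply its own header and CN.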

Run

NGINX

Installation

 

Configuration

 

Run