    global
        log /dev/log local0
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        maxconn 1024
        pidfile /var/run/haproxy.pid
        nbproc <processes>
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-options force-tlsv12

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

    defaults
        balance roundrobin
        timeout http-request 10s
        timeout queue 1m
        timeout connect 10s
        timeout client 1m
        timeout server 1m
        timeout check 10s

    listen dns
        bind 188.8.131.52:853 ssl crt /etc/haproxy/lego/certificates/<cert>.pem
        mode tcp
        server server1 127.0.0.1:9999
For all but lightly loaded systems, you will need to tune the number of processes or threads available to HAProxy. Unlike the nginx configuration above, which specifies an automatic configuration of the number of worker processes, HAProxy needs to have these quantities set by hand. The simplest way is to set configuration item nbproc to an appropriate number; we suggest the number of threads or processes used by the nameserver. For more advanced tuning options, including setting CPU affinity, see the HAProxy documentation or this blog post.
If you use HAProxy and have generated your certificates from Let's Encrypt, then you need to combine the certificate chain and key into one file using a command similar to:
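One defensive way to do the combining step described above, as an added example that is not the original page's command: the function names `combine_pem` and `pem_pair_matches` and every file path are assumptions, and the output is written certificate chain first, then key.

```shell
#!/bin/sh
# Added example: build the one-file PEM that a "bind ... ssl crt <file>" line
# loads. Function names and all paths are assumptions chosen by the caller.

# pem_pair_matches CERT KEY: succeed only if the (first) certificate's public
# key equals the one derived from the private key. Needs the openssl CLI.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# combine_pem CHAIN KEY OUT: write CHAIN followed by KEY to OUT, mode 0600.
combine_pem() {
    chain=$1; key=$2; out=$3
    [ -r "$chain" ] && [ -r "$key" ] ||
        { echo "input file not readable" >&2; return 1; }
    # Catch swapped or wrong inputs before touching the output file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "$chain: no certificate found" >&2; return 1; }
    if grep -q -e 'PRIVATE KEY-----' "$chain"; then
        echo "$chain: already contains a private key" >&2; return 1
    fi
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key: no private key found" >&2; return 1; }
    # mktemp creates the file with mode 0600 next to OUT, so the key is never
    # world-readable and the final rename stays on one filesystem.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    # awk 1 re-emits every line with a newline: a chain file without a final
    # newline cannot fuse its END line with the key's BEGIN line.
    awk 1 "$chain" "$key" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out" ||
        { rm -f "$tmp"; return 1; }
}

# Typical use (paths are placeholders):
#   pem_pair_matches fullchain.pem privkey.pem &&
#       combine_pem fullchain.pem privkey.pem /etc/haproxy/certs/example.pem
```

Because the combined file holds the private key, it should stay readable only by the account that starts HAProxy, which is why the function fixes the mode before the rename.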