Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Code Block
log /dev/log local0
chroot /var/lib/haproxy
user haproxy
group haproxy
maxconn 1024
pidfile /var/run/
nbproc <processes>
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-options force-tlsv12

   # Default SSL material locations
   ca-base /etc/ssl/certs
   crt-base /etc/ssl/private
balance roundrobin
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s

listen dns
bind ssl crt /etc/haproxy/lego/certificates/<cert>.pem
mode tcp
server server1

If you use HA proxy For all but lightly loaded systems, you will need to tune the number of processes or threads available to HAProxy. Unlike the nginx configuration above, which specifies an automatic configuration of the number of worker processes, HAProxy needs to have these quantities set by hand. The simplest way is to set configuration item nbproc to an appropriate number; we suggest the number of threads or processes used by the nameserver. For more advanced tuning options, including setting CPU affinity, see the HAProxy documentation or this blog post.

If you use HAProxy and have generated your certificates from Let's encrypt Encrypt then you need to combing combine the certificate chain and key into one file using a command similar to: