From 7fe1c295c494f9f96fc7a1e1809b03e9f893fbd8 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Fri, 11 Mar 2016 18:16:19 +0100
Subject: [PATCH] Get HaProxy, multiple SSL domains and firewall work together

---
 README.md             | 11 +++++++++++
 templates/haproxy_cfg |  4 ++--
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6265a64
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+#HaProxy#
+
+##Instruction to prepare a certificate file##
+
+For HaProxy to terminate SSL requests we require a single PEM file with all certificate components chained together.
+
+The seqeuence of those compoenents is this:
+
+- Private Key, e.g. example.com.key.pem
+- Domain Certficate, e.g. example.com.crt.pem
+- Intermediate Certificate, e.g. example.com.ca.crt.pem
diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index ddb0799..53436cd 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -61,9 +61,9 @@ frontend http-in
   acl redirect_ssl_{{host}} hdr_dom(host) -i -f /etc/haproxy/{{host}}.ssl.list
   use_backend backend_redirect_ssl if redirect_ssl_{{host}}
 {% endfor %}
-
 {% for cert in proxy_certificates %}
-frontend https-in
+
+frontend https-in-{{ cert.ip }}
   bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
   acl blockedip src  -i -f /etc/haproxy/blacklist
   http-request deny if blockedip
-- 
GitLab