SSL Termination with HAProxy for Martini Server Runtime

HAProxy acts as a robust reverse proxy for Martini Server Runtime, enabling SSL termination to efficiently manage encrypted traffic. This guide will help you configure HAProxy to handle SSL connections, offloading the SSL workload from your application. You’ll learn how to obtain and configure SSL certificates, optimize your setup for performance, and ensure secure communication between clients and your Martini server, enhancing overall security and reliability.

Prerequisites

  • HAProxy: Ensure you have HAProxy installed on your server.
  • SSL Certificate: Obtain an SSL certificate for your-domain.com. You can use Let's Encrypt for free certificates.

Configuration

Assuming HAProxy is installed and your DNS is configured, follow the steps below to configure SSL termination. Replace the placeholder your-domain.com with your actual domain name.

1. Configure HAProxy

Open the HAProxy configuration file, typically located at /etc/haproxy/haproxy.cfg, and edit it to include the following configuration:

This configuration assumes Martini Server Runtime is running on the same machine on the default port, localhost:8080. If it is not, change the server line to point to your Martini Server Runtime instance. Update the crt path to point to your certificate file (the path shown is a placeholder). HAProxy's crt option takes a single PEM file that contains the certificate, with any intermediate chain, followed by the private key, so concatenate your certificate and key into one file.

frontend https_front
    # crt points to one PEM file: certificate chain followed by the private key
    bind *:443 ssl crt /etc/ssl/private/your-domain.com.pem
    mode http
    option httplog
    log global
    # ssl_fc is true when the client connection arrived over SSL/TLS
    acl is_https ssl_fc
    use_backend app_backend if is_https

frontend http_front
    bind *:80
    # Plain-HTTP requests are redirected to the same URL over HTTPS
    redirect scheme https if !{ ssl_fc }

backend app_backend
    # Martini Server Runtime; "check" enables health checks
    server app_server localhost:8080 check

  • frontend https_front: Listens on port 443 for HTTPS traffic, using the specified SSL certificate and key.
  • frontend http_front: Listens on port 80 for HTTP traffic and redirects it to HTTPS.
  • backend app_backend: Forwards the traffic to the application running on localhost:8080.

2. Restart HAProxy

After making the configuration changes, restart HAProxy to apply them.

sudo systemctl restart haproxy

3. Start Martini Runtime

If Martini Runtime is not already running, start it.

4. Verify

Visit https://your-domain.com in your web browser to verify that your configuration is working.

Additional Security Settings

You may want to add security headers or tweak your SSL settings. Here’s a basic example that sets the HSTS header; add it to the https_front section:

http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

To learn more about HSTS, refer to the HAProxy blog post: HAProxy & HTTP Strict Transport Security (HSTS)
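
The check from step 4 and the HSTS setting, scripted as an added example (not part of the original guide): it confirms that port 80 redirects to HTTPS, that the certificate validates for the host name, and that the Strict-Transport-Security header carries the expected max-age. The function names are hypothetical, and the min_age default mirrors the max-age value used above.

```python
import http.client
import re
import ssl
import sys
from urllib.parse import urlsplit


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    parts = [p.strip().lower() for p in (value or "").split(";") if p.strip()]
    max_age = None
    for part in parts:
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', part)
        if m:
            max_age = int(m.group(1))
    return max_age, "includesubdomains" in parts, "preload" in parts


def evaluate(host, http_status, http_location, hsts_value, min_age=31536000):
    """Return a list of findings; an empty list means everything checked out."""
    findings = []
    loc = urlsplit(http_location or "")
    if http_status not in (301, 302, 303, 307, 308):
        findings.append(f"port 80 answered {http_status}, expected a redirect")
    elif loc.scheme != "https" or loc.hostname != host.lower():
        findings.append(f"port 80 redirects to {http_location!r}, not https://{host}")
    max_age, _, _ = parse_hsts(hsts_value)
    if max_age is None:
        findings.append("HTTPS response has no usable Strict-Transport-Security header")
    elif max_age < min_age:
        findings.append(f"HSTS max-age {max_age} is below {min_age}")
    return findings


def probe(host, timeout=5):
    """Query ports 80 and 443 on host; TLS certificate and hostname are verified."""
    plain = http.client.HTTPConnection(host, 80, timeout=timeout)
    plain.request("HEAD", "/")
    r80 = plain.getresponse()
    tls = http.client.HTTPSConnection(host, 443, timeout=timeout,
                                      context=ssl.create_default_context())
    tls.request("HEAD", "/")  # raises ssl.SSLCertVerificationError on a bad certificate
    hsts = tls.getresponse().getheader("Strict-Transport-Security")
    return evaluate(host, r80.status, r80.getheader("Location"), hsts)


if __name__ == "__main__":
    # With a host argument: live check. Without: constructed sample values, offline.
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else
          evaluate("your-domain.com", 302, "https://your-domain.com/", "max-age=300"))
```

Run it with your domain as the only argument; an empty list means the redirect, certificate and HSTS header all behave as configured.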