Configure HAProxy for the Service Portal

This article shows an example of configuring HAProxy to access a Service Portal at a designated domain name using a reverse proxy.

начало внимание

Before you start, you need to enable and activate a Service Portal.

конец внимание

We also recommend configuring HAProxy for ELMA365 with a reverse proxy based on the instructions in the Configure HAProxy to use ELMA365 behind a reverse proxy article.

The following data is used in the example:

• /_portal/orders. Name of the workspace with an activated portal.
• portal-elma365client.domain.com. The Service Portal domain name.
• 192.168.1.10. IP address of the server with the ELMA365 application.

Here is an example of reverse proxy configuration to access a Service Portal at a designated domain with HAProxy:

global
   maxconn 10000
   log /dev/log   local0
   log /dev/log   local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
   stats timeout 30s
   user haproxy
   group haproxy
   daemon
 
   ca-base /etc/ssl/certs
   crt-base /etc/ssl/private
 
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
 
defaults
   log   global
   mode   http
   option   httplog
   option   dontlognull
   timeout connect 5000
   timeout client  50000
   timeout server  50000
   errorfile 400 /etc/haproxy/errors/400.http
   errorfile 403 /etc/haproxy/errors/403.http
   errorfile 408 /etc/haproxy/errors/408.http
   errorfile 500 /etc/haproxy/errors/500.http
   errorfile 502 /etc/haproxy/errors/502.http
   errorfile 503 /etc/haproxy/errors/503.http
   errorfile 504 /etc/haproxy/errors/504.http
 
frontend elma365_portal
       mode http
       bind *:80
       bind *:443 ssl crt /etc/ssl/private/elma365.pem
       redirect scheme https code 301 unless { ssl_fc }
       maxconn 10000
 
       acl elma365 hdr(host) -i portal-elma365client.domain.com
       use_backend elma365_server if elma365
 
backend elma365_server
       mode http
       balance leastconn
       option forwardfor
       option httpclose
 
       acl elma365_portal_url url_beg -i /_portal/orders 
       acl elma365_redirect url -i /index.html
       acl elma365_portal_addr url_reg -i ^.+.(jpg|jpeg|gif|png|svg|ico|js|woff|woff|woff2|css|po)$
       acl elma365_portal_addr url_beg -i /ws /api /s3elma365 /guard /assets
 
       http-request redirect code 301 prefix /_portal/orders  if elma365_redirect OR !elma365_portal_url !elma365_portal_addr
       http-request deny if !elma365_portal_url !elma365_portal_addr !elma365_redirect
 
       server elma365-1 192.168.1.10:443 verify none check ssl

During installation or reconfiguration, in the Enter ELMA365 domain name (FQDN) or IP address field, specify elma365client.domain.com as the external domain that ELMA365 will be available at and enable SSL termination.

Was this helpful?

Thanks for your feedback!

Please specify why:

Recommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

How we can improve it?

YesNo

Please specify whyRecommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

Found a typo? Highlight the text, press ctrl + enter and notify us