# 0. HaProxy settings ----------------------- Frontend (overview) PRIMARY SHARED NAME ADDRESS TYPE BACKEND x shared 213.182.xxx.xxx https x 12bfree.com 213.182.xxx.xxx https 12bfree.com x moodle.12bfree.com 213.182.xxx.xxx https moodle.12bfree.com x nc.12bfree.com 213.182.xxx.xxx https nc.12bfree.com x lime.12bfree.com 213.182.xxx.xxx https lime.12bfree.com x http-to-https 213.182.xxx.xxx http FRONTEND DETAILS: ----------------- # 1. shared status: active external address: WAN address (IPv4), port 443, SSL offloading=yes type: http/https (offloading) Use "forward for" option: yes Use "httpclose" option: keep-alive (default) Certificate: 12bfree.com (LetsEncrypt) Add ACL for certificate Common Name = yes Add ACL for certificate Subject Alternative Names = yes ----------------------- # 2. 12bfree.com status: active shared frontend: yes primary frontend: shared-http actions: use backend (12bfree.com) SSL Offloading use ssl offloading: yes certificate: 12bfree.com (LetsEncrypt) Add ACL for certificate CommonName. (host header matches the "CN" of the certificate) ----------------------- # 3. moodle.12bfree.com status:active shared frontend: yes primary frontend: shared http actions: use backend (moodle.12bfree.com) SSL Offloading use ssl offloading: yes certificate: 12bfree.com (LetsEncrypt) Add ACL for certificate Alternative Names ----------------------- # 4. nc.12bfree.com status: active shared frontend: yes primary frontend: shared-http actions: use backend (nc.12bfree.com) SSL Offloading use ssl offloading: yes certificate: 12bfree.com (LetsEncrypt) Add ACL for certificate Alternative Names ----------------------- # 5. lime.12bfree.com status: active shared frontend: yes primary frontend: shared-http actions: use backend (lime.12bfree.com) SSL Offloading use ssl offloading: yes certificate: 12bfree.com (LetsEncrypt) Add ACL for certificate Alternative Names ----------------------- BACKEND OVERVIEW: ----------------------- NAME SERVERS CHECK FRONTEND 12bfree.com 1 none 12bfree.com moodle.12bfree.com 1 none moodle.12bfree.com nc.12bfree.com 1 none nc.12bfree.com lime.12bfree.com 1 none lime.12bfree.com BACKEND DETAILS: ----------------------- # 1. 12bfree.com active: yes forward-to: Address+Port address: 192.168.x.x port: 443 encrypt(SSL): yes ssl checks: yes check certificate: yes CA: LetsEncrypt, CRL: none, Client Certificate: 12bfree.com Use client IP to connect to backend servers: yes | DMZ # 2. moodle.12bfree.com (see #1) # 3. nc.12bfree.com (see #1) # 4. lime.12bfree.com (see #1)