Jan 092017

One problem for using HTTPS was in the past that sharing DNS names with one web server was not supported. HTTP can handle this for longer.

However HTTPS also supports virtual HTTPS servers: SNI does that.

And here is how to use it with HAProxy:

frontend https-in 
        bind *:443 ssl crt /etc/haproxy/ssl/private/ 
        reqadd X-Forward-Proto:\ https 
        acl is_site1 hdr_end(host) -i www1.qw2.org 
        acl is_site2 hdr_end(host) -i www2.qw2.org 
        use_backend site1 if is_site1 
        use_backend site2 if is_site2

All the magic is in the bind line where a directory with PEM certificates (concat of fullchain.cer and the key)

Now you can have https for everything and HAProxy will handle all the secure connectivity for you.



Jan 092017

To run boxbackup on a system which uses systemd, use this little systemd service file (taken from here and modified for Ubuntu):

# /etc/systemd/system/boxclient.service
# This service file runs an Box Backup daemon that runs backups on demand.

Description=Box Backup Client

ExecStart=/usr/bin/bbackupd -F -c /etc/boxclient/bbackupd.conf

 Posted by at 17:40  Tagged with: