Login/Register
Getting error as unknown keyword ssl in haproxy configuration file
Asked Answered
sslhaproxy
B

3

6

This is my haproxy.cfg file

global
    daemon
    maxconn 256

defaults
    mode tcp
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms


frontend ft_ssltests
        mode tcp
        bind *:443 ssl crt /etc/haproxy/sslkeys/host.crt ca-file /etc/haproxy/sslkeys/host.pem
        default_backend webmail


backend webmail
        balance roundrobin
        server server1 10.198.2.76:50000 maxconn 32 check
        server server2 10.198.2.76:60000 maxconn 32 check

After restarting above config file I am getting error as shown below

service haproxy restart
[ALERT] 023/230240 (4375) : parsing [/etc/haproxy/haproxy.cfg:14] : 'bind *:443' unknown keyword 'ssl'. Registered keywords :
    [ TCP] defer-accept
    [ TCP] interface <arg>
    [ TCP] mss <arg>
    [ TCP] transparent
    [ TCP] v4v6
    [ TCP] v6only
    [STAT] level <arg>
    [UNIX] gid <arg>
    [UNIX] group <arg>
    [UNIX] mode <arg>
    [UNIX] uid <arg>
    [UNIX] user <arg>
    [ ALL] accept-proxy
    [ ALL] backlog <arg>
    [ ALL] id <arg>
    [ ALL] maxconn <arg>
    [ ALL] name <arg>
    [ ALL] nice <arg>
    [ ALL] process <arg>
[ALERT] 023/230240 (4375) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 023/230240 (4375) : Fatal errors found in configuration.
Errors found in configuration file, check it with 'haproxy check'.

Please help me to find the solution...

Bouley answered 25/1, 2016 at 7:8 Comment(0)
M
19

haproxy supports SSL starting with version 1.5.
Check which version you are running and if SSL support has been compiled. Type : 

$ haproxy -vv
HA-Proxy version 1.6.3 2015/12/25
[...]
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
[...]

to check these two mandatory things.

Miscalculate answered 25/1, 2016 at 7:53 Comment(2)
This should be marked as the answer. OP, give some credit.Antipus
I have a newer version (like 1.9.8), but I'm also getting this error.Bascio
H
4

Install haproxy by below command with ssl switch:

make -j 4 TARGET=linux2628 USE_NS=1 USE_TFO=1 USE_OPENSSL=1 USE_ZLIB=1 USE_PCRE=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib

Homophile answered 18/6, 2019 at 12:5 Comment(0)
O
1

  • HAProxy needs to be built with SSL_INC and SSL_LIB flag options for TLS/SSL support

  • In my Centos7 OS VM, openssl-devel package also had to be installed apart from gcc pcre-devel tar make packages as a prerequisite

    sudo yum install -y openssl-devel gcc pcre-devel tar make

  • build

    make TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib

Just FYI: In debian based(ubuntu kind of) you need to install openssl with this command

sudo apt-get install libssl-dev

Organist answered 5/8, 2022 at 12:34 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.