haproxy

Ubuntu: Creating a self-signed SAN certificate using OpenSSL

There are numerous articles I’ve written  where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also Ubuntu: Creating a self-signed SAN certificate using OpenSSL

Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

There are numerous articles I’ve written  where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name).  Operationally, having your own trusted CA is advantageous over a Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 16.04 with Systemd

This article has been updated in October 2018 and is now tested for HAProxy 1.8.14. The reload functionality in HAProxy till now has always been “not perfect but good enough”, perhaps dropping a few connections under heavy load but within parameters everyone was willing to accept. And because of the potential impact, a reload was HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 16.04 with Systemd

HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 14.04

This article has been updated in October 2018 and is now tested for HAProxy 1.8.14. The reload functionality in HAProxy till now has always been “not perfect but good enough”, perhaps dropping a few connections under heavy load but within parameters everyone was willing to accept. And because of the potential impact, a reload was HAProxy: Zero downtime reloads with HAProxy 1.8 on Ubuntu 14.04

HAProxy: Using HAProxy for SSL termination on Ubuntu

HAProxy is a high performance TCP/HTTP (Level 4 and Level 7) load balancer and reverse proxy.  A common pattern is allowing HAProxy to be the fronting SSL-termination point, and then HAProxy determines which pooled backend server serves the request.