Bobcares

Ansible LetsEncrypt HAProxy | How To?


Read the article to find out how to configure HAProxy with Let’s Encrypt using Ansible. Bobcares, as a part of our Server Management Services, offers solutions to every query that comes our way.

How to set up HAProxy with Let’s Encrypt using Ansible?

To bind HAProxy to HTTPS port 443 and pass requests on to port 8001, we must install an SSL/TLS certificate. Let’s Encrypt provides a free SSL/TLS certificate, and Certbot requests it automatically. Certbot can also install certificates automatically for Apache and nginx. For HAProxy, a dedicated plugin handles the installation: the Greenhost HAProxy plugin for Certbot.

Installing Certbot is the first step. The installation tasks go into an Ansible role as usual. Certbot’s configuration is closely tied to HAProxy’s configuration, so don’t build a separate role for it; instead, append the installation tasks to the bob_haproxy role.

Setting up HAProxy with Let’s Encrypt via Ansible

Move the first three commands for installing and configuring HAProxy from roles/happy1_haproxy/tasks/main.yml to roles/happy1_haproxy/tasks/install_haproxy.yml and write the following into main.yml instead:


Then create the file roles/bob_haproxy/tasks/install_certbot.yml with the following two tasks to install Certbot:


According to the instructions for Certbot’s HAProxy plugin, the following command should now be run:

The Ansible module openssl_dhparam can be used for this; enter it as follows in the install_certbot.yml file. But first, we have to create the /opt/certbot target directory:


Certbot should run as a user with no privileges, so we now have to create the user certbot. Because the Ansible user module also creates the home directory, remove the "Create Certbot directory" task again and create the user before generating the dhparams.pem file. Now create the following three directories:

The configuration file /opt/certbot/.config/letsencrypt/cli.ini must then be created on the server. Its contents are saved locally in the role under roles/happy1_haproxy/files/cli.ini:

Then add the following to the task file in order to copy the file to the server:


Next, HAProxy must be restarted after each certificate renewal. The certbot user can be granted permission to do this by adding a line to the /etc/sudoers file:
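
The Certbot preparation steps described above, as an added example for install_certbot.yml (not the article's original tasks). The community.crypto collection, the 2048-bit DH size, the file modes and the /usr/bin/systemctl path are assumptions; only the one directory named in the text is created.

```yaml
# Added example for install_certbot.yml; not the article's original tasks.
# Assumptions: community.crypto is installed; DH size, file modes and the
# systemctl path are illustrative and must match the target system.

- name: Create the unprivileged certbot user (also creates /opt/certbot)
  ansible.builtin.user:
    name: certbot
    home: /opt/certbot
    create_home: true
    system: true

- name: Create the directory that holds cli.ini
  ansible.builtin.file:
    path: /opt/certbot/.config/letsencrypt
    state: directory
    owner: certbot
    mode: "0700"

# World-readable on purpose: DH parameters are public values, not secrets.
- name: Generate DH parameters for HAProxy
  community.crypto.openssl_dhparam:
    path: /opt/certbot/dhparams.pem
    size: 2048
    owner: certbot
    mode: "0644"

- name: Copy cli.ini from the role's files directory
  ansible.builtin.copy:
    src: cli.ini
    dest: /opt/certbot/.config/letsencrypt/cli.ini
    owner: certbot
    mode: "0600"

# Least privilege: one exact command instead of a blanket rule. visudo checks
# the edited file before it replaces /etc/sudoers, so a malformed line
# cannot break sudo on the host.
- name: Allow certbot to restart HAProxy and nothing else
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    line: "certbot ALL=(root) NOPASSWD: /usr/bin/systemctl restart haproxy"
    validate: /usr/sbin/visudo -cf %s
```

After a run, `sudo -l -U certbot` on the server should list only the single restart command.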

Now install the certbot-haproxy module:

Now we must modify the haproxy.cfg.j2 file. First, reference the dhparams.pem file generated by Ansible by adding a line to the end of the global section, which reads as follows:

The certbot-haproxy module, which uses port 8000, must also receive the requests from the Let’s Encrypt server whose path starts with /.well-known/acme-challenge. Therefore, add the following to the frontend section:


And at the end of haproxy.cfg.j2, provide the backend certbot:

Since the password prompt is defined in the bobcares_wordpress backend, the Let’s Encrypt server’s challenge requests to the path /.well-known/acme-challenge are not affected by it. This completes the Certbot installation tasks, and it’s time to run the Ansible playbook:


Conclusion

To conclude, the article explains the steps to set up HAProxy with Let’s Encrypt using Ansible.
