Pound SSL Proxy

https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/

SSL Encryption
Create a directory to hold the site's private key and certificates:

mkdir -p ~/.ssl/pound
cd ~/.ssl/pound

Generate an RSA private key for the server:

openssl genrsa -out server.key 2048

Then create the Certificate Signing Request (CSR) file from that key:

openssl req -new -key server.key -out server.csr

StartSSL offers free Class 1 SSL certificates. Follow their Certificate Wizard to create the certificate, and save the issued certificate as server.pem.
Download their root CA certificate and the intermediate CA certificate:

cd ~/.ssl/pound
wget https://startssl.com/certs/ca.crt
wget https://startssl.com/certs/sca.server1.crt

Combine your private key, the domain's certificate (from StartCom), the intermediate certificate and the root certificate files into one PEM file for Pound to use:

cat server.key server.pem sca.server1.crt ca.crt \
  > /usr/local/etc/pound/test1.mydomain.com.pem

Add the HTTPS directive to /usr/local/etc/pound.cfg:

ListenHTTPS
  Address 1.2.3.4
  Port    443
  Disable SSLv2
  Disable SSLv3

  Cert    "/usr/local/etc/pound/test1.mydomain.com.pem"
  SSLHonorCipherOrder 1
  Ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"

  Service
    HeadRequire "Host:.*test1.mydomain.com.*"
    BackEnd
      Address 192.168.1.11
      Port    80
    End
  End
End
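
Before restarting Pound with this configuration, the combined PEM file named in the Cert directive can be checked with the function below. It is an added example, not part of the original page; the function name check_pound_pem is an assumption made here. It confirms that the key is not passphrase-protected (such a key cannot be loaded unattended), that the key matches the first certificate in the file, and that the file is readable by its owner only.

```shell
#!/bin/sh
# check_pound_pem FILE
# Sanity-check a combined PEM bundle (private key + certificate chain).
# Returns 0 if all checks pass, 1 otherwise; reasons go to stderr.
# Usage: check_pound_pem /usr/local/etc/pound/test1.mydomain.com.pem
check_pound_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # 1. A passphrase-protected key cannot be loaded without a prompt.
    #    Covers PKCS#8 ("ENCRYPTED PRIVATE KEY") and the traditional
    #    format ("Proc-Type: 4,ENCRYPTED" header).
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "private key is passphrase-protected" >&2
        return 1
    fi

    # 2. The private key must belong to the first certificate in the file.
    #    Both commands print the public key in the same PEM form.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "no usable private key in bundle" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate in bundle" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match the certificate" >&2; return 1; }

    # 3. The bundle contains the private key, so group and other must have
    #    no permission bits set (characters 5-10 of the ls mode string).
    perms=$(ls -lL "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "bundle is accessible to group/other; chmod 600 it" >&2; return 1; }

    return 0
}
```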

Resources
Pound Reverse SSL Proxy for Multiple Servers
Pound, SSL and real Certificates, redux
