Enable "check-ssl" and "verify none" in HAProxy configuration if certfile is false #103
Comments
danopt
changed the title
danopt
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Changes are required to make HAProxy work if certfile is specified:
"certfile: (optional): Specifies the file with the certificate in the PEM format. If the certfile is not specified or is left empty, the API server will work without SSL."
There also should be considered if verify_client is set to "required", that HAProxy probably needs certificates to communicate with the Patroni REST-API for safe requests:
"verify_client: (optional): none (default), optional or required. When none REST API will not check client certificates. When required client certificates are required for all REST API calls. When optional client certificates are required for all unsafe REST API endpoints. When required is used, then client authentication succeeds if the certificate signature verification succeeds. "
The text was updated successfully, but these errors were encountered: