How to update certificates in haproxy
haproxy is often configured in Swarm environments to terminate SSL connections from S3 clients or to allow for encrypted communications to the Swarm UI and Content UI. While haproxy is not an officially supported Datacore Swarm product, it has, in the past, been preconfigured in some virtual machine images distributed by Datacore. Here is an older document explaining how to configure haproxy in Swarm environments. This document is not maintained but can be used as a reference for a user to configure haproxy.
The following instructions are intended to assist a user in updating expiring certificates. Generating the certificates is outside the scope of Datacore Support.
Steps:
1. Copy both the new pem and key files to the /root directory of the haproxy server.
2. Validate the correct filename and destination for that certificate file by looking for the bind line in the /etc/haproxy/haproxy.cfg file that includes “ssl crt” like this:
    bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/example.pem
3. Next, create a single file by concatenating those two files together. Make sure to use the same filename as shown in the previous step.
    cat example-new.pem example-new.key > example.pem
4. Back up your old certificate:
    cp /etc/pki/tls/certs/example.pem{,.original}
5. Move the certificate to the correct location:
    mv /root/example.pem /etc/pki/tls/certs/example.pem
6. Restart haproxy:
    systemctl restart haproxy
7. Perform these same instructions for all haproxy servers.
8. Open an Incognito window to your Gateways and navigate to the Swarm UI/Content UI as usual. Verify the new certificate dates.
If that doesn’t work (the old certificates are still showing), within a few minutes, try restarting the haproxy server itself.
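A pre-flight check for the concatenated file, added here as an example (it is not part of the original procedure or of any Datacore tooling): it confirms that the private key in the bundle matches the certificate and that the certificate has not already expired, before the file is moved into place. It assumes the openssl CLI is installed and an unencrypted key; check_bundle is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example: validate a combined haproxy certificate file (cert + key).
# Assumption: the openssl CLI is installed and the private key is unencrypted.
# check_bundle is a hypothetical helper name.

# check_bundle FILE
# Returns 0 only if FILE holds a certificate and a private key that belong
# together and the certificate has not expired.
check_bundle() {
    local bundle="$1"
    local cert_pub key_pub

    # Public key embedded in the first certificate of the bundle.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: no readable certificate in $bundle" >&2; return 1; }

    # Public key derived from the private key stored in the same file.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || {
        echo "FAIL: no readable private key in $bundle" >&2; return 2; }

    # A mismatch means the wrong .key was concatenated with the .pem.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate in $bundle" >&2
        return 3
    fi

    # -checkend 0 fails when the certificate's notAfter date has passed.
    if ! openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate in $bundle is already expired" >&2
        return 4
    fi

    # Print subject and dates to compare with what the browser shows later.
    openssl x509 -in "$bundle" -noout -subject -dates
}

# Usage: ./check_bundle.sh /root/example.pem
if [ "$#" -gt 0 ]; then
    check_bundle "$1"
fi
```

Once the file is in place, `haproxy -c -f /etc/haproxy/haproxy.cfg` checks that haproxy can load the configuration and the certificate before the restart.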