Host HAProxy ALOHA over HTTPS

You can access HAProxy ALOHA’s web UI over HTTPS for heightened security. The firmware ships with a self-signed TLS certificate to help you get started, or you can install your own TLS certificate.

Use the self-signed TLS certificate

HAProxy ALOHA comes with a self-signed TLS certificate that you can use to enable HTTPS. Browsers will show warnings about using this certificate, which users can click past, but it does provide a quick way of enabling HTTPS for traffic inside your corporate network. Follow these steps to use the self-signed certificate:

  1. Go to the Services tab and edit the httpd service’s setup configuration.

  2. Add the line use_https. For example:

    service httpd
    ########## The web server used by WebUI and WebAPI
    # bind_port <number> : port number to listen to (def: 4444)
    # bind_address <ip_address> : listen only to that IP address (def: all,0.0.0.0)
    # use_https : enable ssl (def: 0)
    # disable_sslv3 : disable sslv3 proto (def: 0)
    # tls_min_ver : set the minimal tls version to use (1.0 to 1.3)
    #-----------
    bind_address 0.0.0.0
    bind_port 4444
    use_https
  3. Click OK, then Close.

  4. From the Services tab, restart the httpd service.

    You will then be able to access HAProxy ALOHA’s web UI using https://.

  5. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

    Repeat these steps on the other HAProxy ALOHA instance. Changes to HTTPS are not synced to the other instance automatically.
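
Because HTTPS settings are not synced between instances, it helps to check each instance's httpd setup after the change. The script below is an added example, not HAProxy ALOHA code: `audit_httpd_setup` is a hypothetical helper that reads the setup text from a file or stdin, and it assumes tls_min_ver takes the version as its argument (for example `tls_min_ver 1.2`).

```sh
#!/bin/sh
# Added example, not HAProxy ALOHA code. Audits "service httpd" setup text
# read from a file argument or from stdin.
# Assumption: tls_min_ver takes the version as its argument ("tls_min_ver 1.2").
audit_httpd_setup() {
    awk '
        NF == 0 || $1 ~ /^#/  { next }                      # blank line or comment
        $1 == "service"       { in_httpd = ($2 == "httpd"); next }
        !in_httpd             { next }                      # ignore other services
        $1 == "use_https"     { https = ($2 != "0") }       # bare keyword enables it
        $1 == "tls_min_ver"   { minver = $2 }
        $1 == "bind_address"  { addr = $2 }
        END {
            if (https) print "OK   use_https is set"
            else { print "FAIL use_https missing: web UI and API are served over plain HTTP"; rc = 1 }

            if (minver == "") print "WARN tls_min_ver not set: the firmware default applies"
            else if (minver + 0 < 1.2) { print "FAIL tls_min_ver " minver " is below 1.2"; rc = 1 }
            else print "OK   tls_min_ver " minver

            if (addr == "" || addr == "0.0.0.0")
                print "WARN web UI listens on every interface: consider a management IP in bind_address"
            else print "OK   bind_address " addr
            exit rc + 0
        }
    ' "$@"
}

# Constructed sample: the setup shown in the steps above (comment lines trimmed).
audit_httpd_setup <<'EOF'
service httpd
# use_https : enable ssl (def: 0)
# tls_min_ver : set the minimal tls version to use (1.0 to 1.3)
bind_address 0.0.0.0
bind_port 4444
use_https
EOF
```

The function exits non-zero when any FAIL line is printed, so it can gate a change checklist for both instances.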

Use your own TLS certificate

You can use your own TLS certificate instead of the default, self-signed one, so that browsers no longer show warnings when users access the web UI. You can also use this procedure to update your certificate before its expiration date.

  1. From the SSL tab, click Delete on the default certificate row. This is the certificate and key that you will replace.

  2. Click New.

  3. Give the certificate the name default in the Choose SSL certificate name field.

  4. Select Upload a Private Key and then either:

    • Paste your key into the box and then click Upload.
    • Browse to your key file and then click Upload.
  5. The Build Certificate Request dialog displays. Select Upload Certificate and then either:

    • Paste your existing certificate into the box and then click Upload.
    • Browse to your certificate file and then click Upload.
  6. Go to the Tools tab and click Launch terminal.

  7. Run this command to copy the updated default certificate and private key into the httpd.pem file that the web server reads:

    sudo cat /etc/ssl/frontends/default/crt.pem /etc/ssl/frontends/default/key.pem | sudo tee /etc/httpd/httpd.pem
  8. Go to the Services tab and edit the httpd service’s setup configuration.

  9. Add the line use_https. For example:

    service httpd
    ########## The web server used by WebUI and WebAPI
    # bind_port <number> : port number to listen to (def: 4444)
    # bind_address <ip_address> : listen only to that IP address (def: all,0.0.0.0)
    # use_https : enable ssl (def: 0)
    # disable_sslv3 : disable sslv3 proto (def: 0)
    # tls_min_ver : set the minimal tls version to use (1.0 to 1.3)
    #-----------
    bind_address 0.0.0.0
    bind_port 4444
    use_https
  10. Click OK, then Close.

  11. From the Services tab, restart the httpd service.

    You will then be able to access HAProxy ALOHA’s web UI using https://<DOMAIN NAME>:4444. For example, https://aloha.example.com:4444.

  12. To make the configuration changes persist after a reboot, go to the Setup tab and click Save within the Configuration section.

    Repeat these steps on the other HAProxy ALOHA instance. Changes to HTTPS are not synced to the other instance automatically.
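
Step 7 concatenates two files, and a certificate file without a final newline or files given in the wrong order produce a bundle that looks plausible but is malformed. The script below is an added example, not HAProxy ALOHA code: `check_httpd_pem` is a hypothetical helper that checks the layout of the combined file (one or more certificates followed by one private key) and warns when the file mode lets group or other users access it.

```sh
#!/bin/sh
# Added example, not HAProxy ALOHA code. Checks the layout of a combined PEM
# file such as the /etc/httpd/httpd.pem built in step 7.
check_httpd_pem() {
    f=$1
    [ -r "$f" ] || { echo "FAIL cannot read $f"; return 1; }
    # Group/other permission bits from ls (characters 5-10 of the mode string).
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || echo "WARN $f mode allows group/other access ($perms)"
    awk '
        function fail(msg) { if (err == "") err = msg }     # keep the first error only
        { sub(/\r$/, "") }                                  # tolerate CRLF uploads
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (label != "") fail("BEGIN inside an open " label " block")
            label = substr($0, 12, length($0) - 16)
            seq = seq "" (label ~ /PRIVATE KEY$/ ? "K" : (label == "CERTIFICATE" ? "C" : ""))
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (substr($0, 10, length($0) - 14) != label) fail("END line does not match BEGIN")
            label = ""
            next
        }
        # A boundary glued to other text: typical when crt.pem lacks a final newline.
        /-----(BEGIN|END) / { fail("PEM boundary is not on its own line") }
        END {
            if (label != "") fail("unterminated " label " block")
            if (seq !~ /^C+K$/) fail("expected certificate(s) then one private key")
            if (err != "") { print "FAIL " err; exit 1 }
            print "OK   " (length(seq) - 1) " certificate(s) followed by one private key"
        }
    ' "$f"
}

# Run against a file given on the command line, e.g. /etc/httpd/httpd.pem.
if [ $# -gt 0 ]; then check_httpd_pem "$1"; fi
```

This checks structure only; it does not confirm that the private key belongs to the certificate.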
