From 3a95bfb699b602a5ce544f375a2aba5b266a3d94 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Thu, 10 May 2018 12:02:58 +0800 Subject: [PATCH] Document updated haproxy deploy hook --- deploy/README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/deploy/README.md b/deploy/README.md index 181989da..621e15fc 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -258,15 +258,27 @@ acme.sh --deploy -d ftp.example.com --deploy-hook strongswan ## 10. Deploy the cert to HAProxy -You must specify the path where you want the concatenated key and certificate chain written. +You must specify the file where you want the concatenated key and certificate chain written. ```sh -export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy +export DEPLOY_HAPROXY_PEM=/etc/haproxy/server.pem ``` You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable. ```sh -export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart" +export DEPLOY_HAPROXY_RELOAD="systemctl reload haproxy" +``` + +You may optionally specify that the issuer certificate is transferred to "${DEPLOY_HAPROXY_PEM}.issuer". This is a requirement to support OCSP stapling in HAProxy. The value shown below will be used as the default if you don't set this environment variable. + +```sh +export DEPLOY_HAPROXY_ISSUER="no" +``` + +You may optionally specify that you wish to support HAProxy's multi-cert bundle functionality. This allows serving of both RSA and ECC certificates on the same proxy. This adds a ".rsa" or ".ecc" suffix to the files generated (.pem, .ocsp and .issuer). The value shown below will be used as the default if you don't set this environment variable. + +```sh +export DEPLOY_HAPROXY_BUNDLE="no" ``` You can then deploy the certificate as follows