I am setting up HAProxy to load balance between two web servers. Some of the pages on the site require SSL. Stunnel is handling the https connections and passing them off to haproxy (Stunnel contains the cert). HAProxy will hand off requests to the web servers using http. Will containing the web servers and haproxy in an internal network be enough to be PCI compliant? Is there anything I need to watch out for?
Ssl – HAProxy and Stunnel PCI Compliance
haproxyload balancingpci-dsssslstunnel
Related Topic
- Ssl – OpenSource (Layer 4) Load Balancer that can pass through original client IP
- Security – Our security auditor is an idiot. How to give him the information he wants
- Ssl – haproxy + stunnel + keep-alive
- Use HAproxy with SSL and X-Forwarded-For Headers – PHP SSL Configuration Guide
- Ssl – Should I use an ssl terminator or just haproxy
- Ssl – Haproxy SSL offloading
- HAProxy and Stunnel with SNIs – Is It Possible?
Best Answer
Yes, your architecture is appropriate to the standard.
https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf