This role achieves a good level of SSL security as tested by SSL Labs.
In your playbook you need the following variables:
    app_name: my-app
    ssl_certificate: <full SSL chain including key>
    haproxy:
      backends: "{{ groups['production'] }}"
Ansible Vault is a good place to store your certificate securely. To do this, include it using YAML multi-line syntax, which looks like:
    ssl_certificate: |
      -----BEGIN CERTIFICATE-----
      REST OF CERT...
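A structural pre-check for the bundle before it goes into the vault, as an added example that is not part of this role: it confirms the PEM text holds at least one certificate and exactly one private key, with every block terminated. The function name and the "exactly one key" rule are assumptions, and the sample bodies are constructed placeholders, not real key material.

```python
import re

# PEM boundary lines; leading whitespace is tolerated because the YAML
# block scalar in the vault file is indented.
_BOUNDARY = re.compile(r"^\s*-----(BEGIN|END) ([A-Z0-9 ]+)-----\s*$")
_BASE64 = re.compile(r"^[A-Za-z0-9+/=]+$")

def inspect_pem_bundle(text):
    """Return (labels, problems) for a PEM bundle given as a string."""
    labels, problems = [], []
    current = None  # label of the block we are inside, if any
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _BOUNDARY.match(line)
        if m:
            kind, label = m.groups()
            if kind == "BEGIN":
                if current is not None:
                    problems.append(f"line {lineno}: BEGIN inside unterminated {current}")
                current = label
            else:
                if current == label:
                    labels.append(label)
                else:
                    problems.append(f"line {lineno}: END {label} without matching BEGIN")
                current = None
        elif current is not None and line.strip() and not _BASE64.match(line.strip()):
            problems.append(f"line {lineno}: non-base64 data inside {current}")
    if current is not None:
        problems.append(f"unterminated {current} block")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate found")
    keys = [name for name in labels if name.endswith("PRIVATE KEY")]
    if len(keys) != 1:  # assumption: the bundle carries exactly one key
        problems.append(f"expected exactly one private key, found {len(keys)}")
    return labels, problems

# Constructed sample: placeholder base64 bodies, not real key material.
GOOD = """\
  -----BEGIN CERTIFICATE-----
  TUlJQ2xlYWYK
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  TUlJQ2ludGVybWVkaWF0ZQo=
  -----END CERTIFICATE-----
  -----BEGIN PRIVATE KEY-----
  TUlJRXZrZXkK
  -----END PRIVATE KEY-----
"""
```

This checks structure only; it does not verify that the key matches the certificate or that the chain is valid.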
This role only works with Debian Wheezy for the time being.
SSL is forced for all connections.
haproxy.backends specifies a group in your hosts. This entire group becomes your front-ends, and each resulting server is looked for on eth1, on the port specified by backend_port. We use Rackspace a lot, where eth1 is the internal network.
Nginx must be running on port 8080 as the backend.
It's worth checking the results with SSL Labs, but this should achieve an A+ rating with good browser support.