Hi yeukhon - thanks for comment.

No issues so far with prototypebrewery.io, but it's just couple of days since we switched. We don't have massive traffic there and 99.9% is from newest modern browsers. Still, I hope with fallback to HTTP/1.1 we're safe, don't you think?

Well, presented Nginx config wasn't complete, was on purpose minimalistic, just to show the idea.

HAProxy though was complete (and that was the focus of the article) and with that set-up we have A+ on ssllabs.com.

Thanks for the feedback, Ambroos.

The HAProxy makes sense only if you need a load balancer in front of several Nginx back-end server. In case of just one instance of Nginx you wouldn't use this configuration. I actually make an amend in the article to make it clear.

Nginx still has setup for HTTPS in the presented configuration. And why not - it doesn't do any damage and has a couple of benefits. You might still want to access Nginx nodes without HAProxy layer, e.g. for monitoring/debugging purposes. Also, if your developers use this setup on their laptops (with Docker images), they can run a smaller stack, without HAProxy, while developing the app. IMO very useful feature.

Hi,

I'm co-founder of Typostrap. We wrote quite elaborately about the idea behind the project, motives and vision in the blog post: http://typostrap.io/blog/typostrap-revolutionary-approach-to...

What do you think?