HAProxy version

```
[root@localhost ~]# haproxy -v
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <w@1wt.eu>
```
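Generating the PEM file

```
## Once the domain certificate has been issued, the download contains two files:
## 1_52yifu.wang_bundle.crt and 2_52yifu.wang.key
## Concatenate the two files into a single PEM file
cat 1_52yifu.wang_bundle.crt 2_52yifu.wang.key | tee 52yifu.pem
```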
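A more careful way to build the PEM file described above, as an added example that is not part of the original page: it refuses input where the first file holds no certificate or the second no private key, writes the combined file with mode 600 without echoing the key, and provides a check that the key belongs to the certificate. The function names and the `/etc/haproxy/haproxy.cfg` path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# the certificate and key file names follow the ones used above.

# True if FILE ($1) holds a PEM block whose label matches the ERE in $2.
has_block() { grep -Eq -- "^-----BEGIN ($2)-----" "$1"; }

# Compare the public key of the first (leaf) certificate in CERT ($1)
# with the public key derived from the private key KEY ($2).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# build_pem CERT_BUNDLE KEY OUT: write certificate chain + key to OUT, mode 600.
build_pem() {
    cert=$1; key=$2; out=$3
    has_block "$cert" 'CERTIFICATE' ||
        { echo "no certificate in $cert" >&2; return 2; }
    has_block "$key" '(RSA |EC )?PRIVATE KEY' ||
        { echo "no private key in $key" >&2; return 3; }
    # Remove any stale temp file so its old permissions cannot be inherited.
    rm -f "$out.tmp"
    # umask in a subshell: the file is never group- or world-readable,
    # and the key is never printed to the terminal.
    ( umask 077 && cat "$cert" "$key" > "$out.tmp" ) || return 1
    mv "$out.tmp" "$out"
}

# Typical use, followed by HAProxy's own syntax check before a reload
# (the haproxy.cfg path is an assumption):
#   build_pem 1_52yifu.wang_bundle.crt 2_52yifu.wang.key /etc/haproxy/52yifu.pem &&
#   key_matches_cert 1_52yifu.wang_bundle.crt 2_52yifu.wang.key &&
#   haproxy -c -f /etc/haproxy/haproxy.cfg
```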
Redirecting HTTP to HTTPS
Redirect every request for http://www.52yifu.wang to https://www.52yifu.com.

```
global
    # tune.* keywords are only valid in the global section
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend app
    bind *:80
    acl is_http hdr_beg(host) 52yifu.wang
    # Redirect anything that did not arrive over TLS
    redirect scheme https if !{ ssl_fc }
    bind *:443 ssl crt /etc/haproxy/ilanni.com.pem
    # acl cloud url_sub -i /cloud
    # use_backend app if cloud
    use_backend nginx if is_http
    default_backend app

backend nginx
    balance source
    server web1 127.0.0.1:86 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

backend app
    balance source
    server web1 127.0.0.1:8080 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3
```
Serving HTTP and HTTPS side by side
The server accepts both http://52yifu.wang and https://52yifu.wang.

```
global
    # tune.* keywords are only valid in the global section
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend app
    bind *:80
    acl is_http hdr_beg(host) 52yifu.wang
    # No HTTPS redirect and no 443 bind here: plain HTTP stays available,
    # and TLS is terminated by frontend app443 below
    use_backend nginx if is_http
    default_backend tomcat

backend nginx
    balance source
    server web1 127.0.0.1:86 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

backend tomcat
    balance source
    server web1 127.0.0.1:8080 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

frontend app443
    bind *:443 ssl crt /etc/haproxy/52yifu.pem
    acl is_443 hdr_beg(host) 52yifu.wang
    use_backend nginx443 if is_443
    default_backend tomcat443

backend nginx443
    balance source
    server web1 127.0.0.1:86 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

backend tomcat443
    balance source
    server web1 127.0.0.1:8080 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3
```
HTTPS for one domain and HTTP for another on the same server
On the same server, every request for the 52yifu.wang domain is redirected to https://52yifu.wang, while requests for 52yifu.com use plain HTTP, that is, they go to http://52yifu.com.

```
global
    # tune.* keywords are only valid in the global section
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend weblb
    bind *:80
    acl is_com hdr_beg(host) 52yifu.com
    acl is_wang hdr_beg(host) 52yifu.wang
    # 52yifu.wang is sent to HTTPS; 52yifu.com stays on HTTP
    redirect prefix https://52yifu.wang if is_wang
    use_backend haproxyserver if is_com

backend haproxyserver
    balance source
    server web1 127.0.0.1:9090 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

frontend weblb443
    bind *:443 ssl crt /etc/haproxy/52yifu.pem
    acl is_443 hdr_beg(host) 52yifu.wang
    use_backend httpserver443 if is_443

backend httpserver443
    balance source
    server web1 127.0.0.1:7070 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3
```
HTTPS for multiple domains on the same server
On the same server, both 52yifu.wang and 52yifu.com are served over HTTPS.

```
global
    # tune.* keywords are only valid in the global section
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend web80
    bind *:80
    acl is_http hdr_beg(host) 52yifu.wang
    # Redirect anything that did not arrive over TLS (applies to both host names)
    redirect scheme https if !{ ssl_fc }
    # One TLS listener serves both host names, so the certificate in this PEM
    # must cover both of them
    bind *:443 ssl crt /etc/haproxy/52yifu.pem
    acl is_haproxy hdr_beg(host) 52yifu.com
    use_backend httpserver if is_http
    use_backend haproxyserver if is_haproxy

backend httpserver
    balance source
    server web1 127.0.0.1:6060 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3

backend haproxyserver
    balance source
    server web1 127.0.0.1:9090 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3
```