haproxy https实现

一、实验环境

一、准备后端服务器

# yum -y install nginx
# echo "10.0.0.7" > /usr/share/nginx/html/index.html   #web1
# echo "10.0.0.17" > /usr/share/nginx/html/index.html   #web2
# systemctl restart nginx

二、准备CA证书

实现自签名CA证书,请参考章节:实现https
合并证书文件

cat demo.key demo.crt > demo.pem
mv demo.pem /etc/haproxy/certs/haproxy.pem

三、配置haproxy

# yum -y install haproxy
# cat  /etc/haproxy/haproxy.cfg |grep -v "^#"

global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http_port
    bind 10.0.0.8:80
    bind 10.0.0.8:443 ssl crt /etc/haproxy/certs/haproxy.pem  #实现CA
    redirect scheme https if !{ ssl_fc }    #实现https跳转
    balance roundrobin
    default_backend	web_hosts	
backend web_hosts
    balance     roundrobin
    server	web1	10.0.0.7:80 check inter 2000 fall 3 rise 5
    server	web2	10.0.0.17:80 check inter 2000 fall 3 rise 5


#重启haproxy服务
# systemctl restart haproxy

四、访问测试

[root@7-2 ~]#while :;do curl https://10.0.0.8 -k;sleep 0.5;done
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
10.0.0.17
10.0.0.7
....

在Windows客户端访问10.0.0.8,实现了自动跳转https

posted @   火火7412  阅读(55)  评论(0编辑  收藏  举报
相关博文:
·  编译安装haproxy
·  编译安装nginx,实现多域名 https
·  haproxy https实现
·  HAProxy https实现
·  Linux-haproxy实现https
阅读排行:
· 25岁的心里话
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· 闲置电脑爆改个人服务器(超详细) #公网映射 #Vmware虚拟网络编辑器
· 一起来玩mcp_server_sqlite,让AI帮你做增删改查!!
· 零经验选手,Compose 一天开发一款小游戏!
点击右上角即可分享
微信分享提示