HTTPS代理
服务器 | ip 地址 |
---|---|
haproxy | 10.10.10.41/24 |
apache | 10.10.10.42/24 |
apache | 10.10.10.43/24 |
第一种方式:haproxy服务器本身提供ssl证书:
步骤一: 生成证书
[root@HA tls]# openssl req -newkey rsa:1024 -nodes -keyout server.key -x509 -days 3650 -out server.crt
[root@HA ~]# cd /etc/pki/tls/
[root@HA ~]# cat server.crt server.key | tee server.pem
步骤二: 编辑配置文件在末尾添加
[root@HA ~]# vi /etc/haproxy/haproxy.cfg
frontend https_hap
bind *:80,*:443 ssl crt /etc/pki/tls/server.pem
mode http
default_backend server_http
backend server_http
mode http
balance roundrobin
server web1 10.10.10.42:80 check weight 2 fall 6
server web2 10.10.10.43:80 check weight 2 fall 6
http 自动跳转到 https
frontend http
bind *:80
redirect scheme https code 301
frontend https_hap
bind *:443 ssl crt /etc/pki/tls/server.pem
mode http
default_backend server_http
backend server_http
mode http
balance roundrobin
server web1 10.10.10.42:80 check weight 2 fall 6
server web2 10.10.10.43:80 check weight 2 fall 6