配置HAProxy支持https协议

最新推荐文章于 2021-10-17 16:00:38 发布

weixin_30408309

最新推荐文章于 2021-10-17 16:00:38 发布

阅读量281

点赞数

文章标签： java 开发工具

原文链接：http://www.cnblogs.com/JevonWei/p/7468474.html

版权

author：JevonWei
版权声明：原创作品

实现http重定向到https

HAProxy

创建CA证书
[root@HAProxy ~]# cd /etc/haproxy/
[root@HAProxy haproxy]# mkdir certs
[root@HAProxy haproxy]# cd /etc/pki/CA
[root@HAProxy CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
[root@HAProxy CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 \\自签名证书
[root@HAProxy CA]# touch index.txt
[root@HAProxy CA]# echo 01 > serial

[root@HAProxy CA]# cd /etc/haproxy/certs/
[root@HAProxy certs]# openssl genrsa -out haproxy.key 2048
[root@HAProxy certs]# openssl req -new -key haproxy.key -out haproxy.csr
[root@HAProxy certs]# [root@HAProxy certs]# openssl ca -in haproxy.csr -out haproxy.crt
[root@HAProxy certs]# ls
haproxy.crt  haproxy.csr  haproxy.key
[root@HAProxy certs]# cat haproxy.crt haproxy.key > haproxy.pem
[root@HAProxy certs]# ll
total 12
-rw-r--r--. 1 root root    0 Aug 29 19:36 haproxy.crt
-rw-r--r--. 1 root root 1009 Aug 29 19:35 haproxy.csr
-rw-r--r--. 1 root root 1675 Aug 29 19:34 haproxy.key
-rw-r--r--. 1 root root 1675 Aug 29 19:37 haproxy.pem
[root@HAProxy certs]# chmod 600 haproxy.pem

配置haproxy网页跳转

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend https *:443
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        acl static path_end .jpg .jpeg .png .gif .txt .html
        acl static path_beg /imgs /images /css
        use_backend staticsrvs  if static
        default_backend dynsrvs
    frontend http
        bind *:8080
        redirect scheme https if !{ ssl_fc }
    backend dynsrvs
        balance roundrobin
        server dynsrv1 172.16.253.105:80 check
        server dynsrv2 172.16.253.105:8080 check
    backend staticsrvs
        balance roundrobin
        server staticsrv1 172.16.253.191:80 check
        server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

配置haproxy主页跳转，即访问的http的所有内容都跳转到https的默认主页上

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend https *:443
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        acl static path_end .jpg .jpeg .png .gif .txt .html
        acl static path_beg /imgs /images /css
        use_backend staticsrvs  if static
        default_backend dynsrvs
    frontend http
        bind *:8080
        redirect location https://172.16.253.108/ if !{ ssl_fc }
    backend dynsrvs
        balance roundrobin
        server dynsrv1 172.16.253.105:80 check
        server dynsrv2 172.16.253.105:8080 check
    backend staticsrvs
        balance roundrobin
        server staticsrv1 172.16.253.191:80 check
        server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

client访问测试

转载于:https://www.cnblogs.com/JevonWei/p/7468474.html

weixin_30408309

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
配置HAProxy支持https协议

author：JevonWei版权声明：原创作品实现http重定向到httpsHAProxy创建CA证书[root@HAProxy ~]# cd /etc/haproxy/[root@HAProxy haproxy]# mkdir certs[root@HAProxy haproxy]# cd /etc/pki/CA[root@HAProxy CA]# (umask 077;op...
复制链接

扫一扫