  • 配置HAProxy支持https协议

    author:JevonWei
    版权声明:原创作品


    实现http重定向到https

    HAProxy

    创建CA证书
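    # Build a private CA under /etc/pki/CA, then issue a server certificate
    # and assemble the combined PEM file that HAProxy loads.
    [root@HAProxy ~]# cd /etc/haproxy/
    [root@HAProxy haproxy]# mkdir certs
    [root@HAProxy haproxy]# cd /etc/pki/CA
    # umask 077 inside a subshell: the CA private key is created readable by root only.
    [root@HAProxy CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
    # -x509 turns the request into a self-signed CA certificate, valid for 365 days.
    # (The original annotation was glued to the command after a backslash and
    # would have been passed to openssl as an extra argument.)
    [root@HAProxy CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
    # index.txt / serial: database and serial-number files that "openssl ca"
    # looks for with the distribution's default openssl.cnf.
    [root@HAProxy CA]# touch index.txt
    [root@HAProxy CA]# echo 01 > serial

    [root@HAProxy CA]# cd /etc/haproxy/certs/
    # NOTE(review): unlike the CA key, the server key is written with the default
    # umask; the listing below shows it as -rw-r--r--. Prefer the same
    # "(umask 077; ...)" subshell here so the key is never world-readable.
    [root@HAProxy certs]# openssl genrsa -out haproxy.key 2048
    [root@HAProxy certs]# openssl req -new -key haproxy.key -out haproxy.csr
    # Sign the CSR with the CA created above.
    [root@HAProxy certs]# openssl ca -in haproxy.csr -out haproxy.crt
    [root@HAProxy certs]# ls
    haproxy.crt  haproxy.csr  haproxy.key
    # HAProxy's "crt" option expects certificate and private key in one PEM file.
    [root@HAProxy certs]# cat haproxy.crt haproxy.key > haproxy.pem
    [root@HAProxy certs]# ll
    total 12
    -rw-r--r--. 1 root root    0 Aug 29 19:36 haproxy.crt
    -rw-r--r--. 1 root root 1009 Aug 29 19:35 haproxy.csr
    -rw-r--r--. 1 root root 1675 Aug 29 19:34 haproxy.key
    -rw-r--r--. 1 root root 1675 Aug 29 19:37 haproxy.pem
    # NOTE(review): in this capture haproxy.crt is 0 bytes and haproxy.pem has
    # exactly the size of haproxy.key (1675), so the PEM holds only the key and
    # no certificate -- the signing step apparently did not write one. Before
    # pointing HAProxy at the file, confirm the certificate exists, e.g.
    #   openssl x509 -in haproxy.crt -noout -subject -dates
    # Restrict both files that contain the private key, not only the bundle.
    [root@HAProxy certs]# chmod 600 haproxy.key haproxy.pem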
    

    配置haproxy网页跳转

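    [root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
        # HTTPS entry point: TLS is terminated here with the combined cert+key PEM.
        # The listening address is declared only on the "bind" line; the legacy
        # inline form "frontend https *:443" is dropped because, on versions that
        # still accept it, it declares a second listener on the same port without
        # "ssl", and newer versions reject it.
        # NOTE(review): no TLS protocol or cipher restrictions are set on this
        # bind line; add the ones your HAProxy version documents.
        frontend https
            bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
            # Two acl lines with the same name are ORed: a request is "static"
            # if it ends in one of the extensions or starts with one of the paths.
            acl static path_end .jpg .jpeg .png .gif .txt .html
            acl static path_beg /imgs /images /css
            use_backend staticsrvs  if static
            default_backend dynsrvs
        # Plain-HTTP entry point whose only job is to redirect to HTTPS.
        frontend http
            bind *:8080
            # This bind has no "ssl", so ssl_fc is never true here and every
            # request is redirected; only the scheme is changed.
            # NOTE(review): a Host header that carries ":8080" is presumably kept
            # in the Location header -- confirm during the client test.
            redirect scheme https if !{ ssl_fc }
        # The server lines carry no "ssl" keyword: traffic from HAProxy to the
        # backends is cleartext HTTP, so keep these hosts on a trusted network.
        backend dynsrvs
            balance roundrobin
            server dynsrv1 172.16.253.105:80 check
            server dynsrv2 172.16.253.105:8080 check
        backend staticsrvs
            balance roundrobin
            server staticsrv1 172.16.253.191:80 check
            server staticsrv2 172.16.253.191:8080 check
    # Validate the file before restarting so a typo does not take the proxy down:
    #   haproxy -c -f /etc/haproxy/haproxy.cfg
    [root@HAProxy ~]# systemctl restart haproxy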
    

    配置haproxy主页跳转,即访问的http的所有内容都跳转到https的默认主页上

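    [root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
        # HTTPS entry point: TLS is terminated here with the combined cert+key PEM.
        # The listening address is declared only on the "bind" line; the legacy
        # inline form "frontend https *:443" is dropped because, on versions that
        # still accept it, it declares a second listener on the same port without
        # "ssl", and newer versions reject it.
        frontend https
            bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
            # Two acl lines with the same name are ORed.
            acl static path_end .jpg .jpeg .png .gif .txt .html
            acl static path_beg /imgs /images /css
            use_backend staticsrvs  if static
            default_backend dynsrvs
        # Plain-HTTP entry point: every request is sent to one fixed HTTPS URL.
        frontend http
            bind *:8080
            # "redirect location" replaces the whole URL, so the requested path
            # and query string are discarded and the client lands on the HTTPS
            # home page. The target is a literal IP address; the certificate
            # presented on 443 has to be valid for that address, otherwise
            # clients get a name-mismatch warning.
            redirect location https://172.16.253.108/ if !{ ssl_fc }
        # The server lines carry no "ssl" keyword: traffic from HAProxy to the
        # backends is cleartext HTTP, so keep these hosts on a trusted network.
        backend dynsrvs
            balance roundrobin
            server dynsrv1 172.16.253.105:80 check
            server dynsrv2 172.16.253.105:8080 check
        backend staticsrvs
            balance roundrobin
            server staticsrv1 172.16.253.191:80 check
            server staticsrv2 172.16.253.191:8080 check
    # Validate the file before restarting so a typo does not take the proxy down:
    #   haproxy -c -f /etc/haproxy/haproxy.cfg
    [root@HAProxy ~]# systemctl restart haproxy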
    

    client访问测试

  • 原文地址:https://www.cnblogs.com/JevonWei/p/7468474.html