HAProxy 1.5.x SSL Configuration
We had always used haproxy-1.4 as the proxy, which does not support SSL configuration. haproxy-1.5 does, so we upgraded to that version for testing. The existing Apache SSL certificate files can be reused on haproxy after some simple processing.
The original plan was to pass SSL traffic through haproxy-1.4, but that would require configuring SSL on the back-end servers, so SSL is instead terminated on haproxy-1.5 using the CA-issued certificate.
1. Install
# yum install pcre-devel openssl-devel -y
# tar zxvf haproxy-1.5.3.tar.gz
# cd haproxy-1.5.3
# make TARGET=linux26 USE_STATIC_PCRE=1 USE_REGPARM=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1 ARCH=x86_64
# make install PREFIX=/usr/local/haproxy
# cd /usr/local/haproxy
# mkdir conf
2. Prepare the pem Certificate file
The Apache SSL setup with the CA-issued certificate was already in place, which gives us two files: the cer file and the key file. The pem file used by haproxy is simply these two files combined.
# cat my-server.cer my-server.key | tee my-server.pem
3. Create a configuration file
# vi /usr/local/haproxy/conf/haproxy.cfg
global
    log 127.0.0.1 local0
    maxconn 65535
    chroot /usr/local/haproxy
    uid 99
    gid 99
    stats socket /usr/local/haproxy/HaproxSocket level admin
    daemon
    nbproc 1
    pidfile /usr/local/haproxy.pid
    #debug
    # needed for the 2048-bit certificate (see section 4)
    tune.ssl.default-dh-param 2048
defaults
    log 127.0.0.1 local3
    mode http
    option httplog
    option httplog clf
    option httpclose
    option dontlognull
    option forwardfor
    option redispatch
    retries 2
    maxconn 2000
    balance source
    #balance roundrobin
    stats uri /haproxy-stats
    stats refresh 10s
    timeout client 60s
    timeout connect 9s
    timeout server 30s
    timeout check 5s
listen TEST_APP_Cluster
    bind *:80
    mode http
    option httpchk GET /test.html HTTP/1.0\r\nHost:192.168.10.180
    server node01 192.168.0.100:100 weight 3 check inter 2000 rise 2 fall 1
    server node02 192.168.0.101:100 weight 3 backup check inter 2000 rise 2 fall 1
listen TEST_APP_SSL
    # SSL is terminated here using the combined pem file from step 2
    bind *:443 ssl crt /usr/local/haproxy/conf/my-server.pem
    # tell the back end that the client connection was HTTPS
    reqadd X-Forwarded-Proto:\ https
    mode http
    option httpchk GET /test.html HTTP/1.0\r\nHost:192.168.10.180
    server node01 192.168.0.100:100 weight 3 check inter 2000 rise 2 fall 1
    server node02 192.168.0.101:100 weight 3 backup check inter 2000 rise 2 fall 1
listen stats_auth 0.0.0.0:91
    stats enable
    stats uri /admin
    stats realm "HA_CONSOLE"
    stats auth admin:123456
    stats hide-version
    stats refresh 10s
    stats admin if TRUE
Start port
4. Configuration highlights
Because the certificate is 2048 bits long, an error is reported with the default configuration file. After adding the tune.ssl.default-dh-param 2048 parameter, the problem is solved. With the certificate in pem format, SSL can also be implemented through haproxy-1.4 + stunnel.
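A pre-flight check for the two things this setup depends on, the combined pem file from step 2 and the dh-param setting in the global section, given here as an added example that is not part of the original article. The function names (pem_ok, dh_param, ssl_binds, check_cfg) and the demo files are assumptions made for the example, and the permission check on the pem file is an extra the article itself does not cover.

```sh
#!/bin/sh
# Added example: pre-flight checks for the combined PEM and haproxy.cfg above.

# pem_ok FILE: true if FILE holds >=1 certificate, exactly one private key,
# and has no permission bits set for group/others.
pem_ok() {
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$1" || true)
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "${certs:-0}" -ge 1 ] && [ "${keys:-0}" -eq 1 ] && [ "$perms" = "------" ]
}

# dh_param CFG: print tune.ssl.default-dh-param from the global section (0 if unset).
dh_param() {
    awk '$1 ~ /^(global|defaults|listen|frontend|backend)$/ { sect = $1 }
         sect == "global" && $1 == "tune.ssl.default-dh-param" { v = $2 }
         END { print v + 0 }' "$1"
}

# ssl_binds CFG: print the crt path of every "bind ... crt PATH" line.
ssl_binds() {
    awk '$1 == "bind" { for (i = 2; i < NF; i++) if ($i == "crt") print $(i + 1) }' "$1"
}

# check_cfg CFG MIN_BITS: true if there are no SSL binds, or if dh-param is at
# least MIN_BITS and every referenced PEM passes pem_ok.
check_cfg() {
    bad=0
    paths=$(ssl_binds "$1")
    [ -n "$paths" ] || return 0
    if [ "$(dh_param "$1")" -lt "$2" ]; then
        echo "WARN: tune.ssl.default-dh-param below $2 in global"; bad=1
    fi
    for p in $paths; do
        pem_ok "$p" || { echo "WARN: $p is not a private cert+key PEM"; bad=1; }
    done
    return "$bad"
}

# Demo on constructed files (placeholder PEM bodies, not real key material).
demo() {
    d=$(mktemp -d)
    ( umask 077; printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' '-----BEGIN RSA PRIVATE KEY-----' \
        'PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$d/my-server.pem" )
    printf '%s\n' 'global' '    tune.ssl.default-dh-param 2048' 'listen TEST_APP_SSL' \
        "    bind *:443 ssl crt $d/my-server.pem" > "$d/haproxy.cfg"
    check_cfg "$d/haproxy.cfg" 2048; drc=$?
    rm -rf "$d"; return "$drc"
}
demo && echo "pre-flight OK"
```

On a real host, call check_cfg with the path of the configuration file from step 3 and 2048 as the minimum.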