Determine haproxy support for HTTPS
[Email protected] sbin]# ldd haproxy |grep ssllibssl.so.10 =/usr/lib64/libssl.so.10 (0x00007f961911c000)
Consolidate certificates and private keys:
# cat 213978673141013.key 213978673141013.pem |tee Server.pen
To view the configuration file:
Global log 127.0.0.1 local0 info #[err warning Info Debug]//log location Tune.ssl.default-dh-param 20 #修改默认使用2048bit加密, do not set a warning maxconn 4096 daemon #设置成后台运行 nbproc 1 #进程数量 Pi Dfile/apps/haproxy-1.7.7/haproxy.pid Defaults Log global mode HTTP #默认模式 opt Ion httplog #http日志格式 option dontlognull retries 3 #三次失败后认为服务器不可用 option Redispat Ch #如果cookie写入了serverId而客户端不会刷新cookie, when the serverid corresponding server is hung, force directed to other healthy servers Maxconn #当服务器负载很高的时候, automatically end the current queue processing Long link default maximum number of connections Contimeout #连接超时 clitimeout 30000 #客户端超时 srvtimeout 30000 #服务器超 When frontend web_in mode http maxconn bind *:80 bind *:443 SSL crt/e Tc/cert/server.pem Reqadd x-forwarded-proto:\ HTTPS #HTTP, HTTPS coexistence #redirect scheme HTTPS if! {SSL_FC} ACL Is_A Hdr_beg (host)-I ssl.espressos1.com #判断域名是不是www. espressos1.com, is given to a server Cluster service Use_backend a_server if is_a Backend A_server mode HTTP #http modes stats uri/haproxy balance Roundrobi n Cookie jsessionid prefix stats hide-version option httpclose Server Web1 10.100.0.220:80 Check #server web2 128.1.2.5:80 check
Haproxy Configuring HTTPS simultaneous 443 80 ports