author:JevonWei
版权声明:原创作品
实现http重定向到https
HAProxy
创建CA证书
[root@HAProxy ~]# cd /etc/haproxy/
[root@HAProxy haproxy]# mkdir certs
[root@HAProxy haproxy]# cd /etc/pki/CA
[root@HAProxy CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
[root@HAProxy CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365    # 自签名证书
[root@HAProxy CA]# touch index.txt
[root@HAProxy CA]# echo 01 > serial
[root@HAProxy CA]# cd /etc/haproxy/certs/
[root@HAProxy certs]# openssl genrsa -out haproxy.key 2048
[root@HAProxy certs]# openssl req -new -key haproxy.key -out haproxy.csr
[root@HAProxy certs]# openssl ca -in haproxy.csr -out haproxy.crt
[root@HAProxy certs]# ls
haproxy.crt haproxy.csr haproxy.key
[root@HAProxy certs]# cat haproxy.crt haproxy.key > haproxy.pem
[root@HAProxy certs]# ll
total 12
-rw-r--r--. 1 root root 0 Aug 29 19:36 haproxy.crt
-rw-r--r--. 1 root root 1009 Aug 29 19:35 haproxy.csr
-rw-r--r--. 1 root root 1675 Aug 29 19:34 haproxy.key
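-rw-r--r--. 1 root root 1675 Aug 29 19:37 haproxy.pem
注意:上面的列表中 haproxy.crt 大小为 0,而 haproxy.pem 与 haproxy.key 同为 1675 字节,说明这次 openssl ca 很可能没有成功写出证书,合并得到的 haproxy.pem 里只有私钥。合并之前应先确认证书已正常签发,例如执行 openssl x509 -in haproxy.crt -noout -subject -dates 查看内容,签发成功后再重新执行 cat 合并。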
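[root@HAProxy certs]# chmod 600 haproxy.pem
注意:haproxy.key 是在默认 umask 下生成的,上面的列表显示它仍为 0644(所有用户可读),而这里只收紧了 haproxy.pem 的权限。私钥文件也应同样限制权限,例如 chmod 600 haproxy.key,或者像生成 CA 私钥时那样在 (umask 077; ...) 中生成。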
配置haproxy网页跳转
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend https *:443
    bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
    acl static path_end .jpg .jpeg .png .gif .txt .html
    acl static path_beg /imgs /images /css
    use_backend staticsrvs if static
    default_backend dynsrvs
frontend http
    bind *:8080
    redirect scheme https if !{ ssl_fc }
backend dynsrvs
    balance roundrobin
    server dynsrv1 172.16.253.105:80 check
    server dynsrv2 172.16.253.105:8080 check
backend staticsrvs
    balance roundrobin
    server staticsrv1 172.16.253.191:80 check
    server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
配置haproxy主页跳转,即访问的http的所有内容都跳转到https的默认主页上
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend https *:443
    bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
    acl static path_end .jpg .jpeg .png .gif .txt .html
    acl static path_beg /imgs /images /css
    use_backend staticsrvs if static
    default_backend dynsrvs
frontend http
    bind *:8080
    redirect location https://172.16.253.108/ if !{ ssl_fc }
backend dynsrvs
    balance roundrobin
    server dynsrv1 172.16.253.105:80 check
    server dynsrv2 172.16.253.105:8080 check
backend staticsrvs
    balance roundrobin
    server staticsrv1 172.16.253.191:80 check
    server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
client访问测试