User Tools
решение_haproxy
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
решение_haproxy [2013/05/22 13:50] 127.0.0.1 external edit |
решение_haproxy [2024/04/08 14:08] val |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Решение HAProxy ====== | ====== Решение HAProxy ====== | ||
| - | [[http://ajohnstone.com/achives/running-several-vips-on-the-same-interface-with-ucarp-and-haproxy/]] | + | * [[https://www.leaderssl.ru/articles/354-vypolnyaem-ssl-terminatsiyu-s-pomoschyu-haproxy-dlya-ubuntu-14-04|Выполняем SSL-терминацию с помощью HAProxy для Ubuntu 14.04]] |
| + | * [[https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-rewrites/|HAProxy config tutorials HTTP rewrites]] | ||
| + | * [[https://serverfault.com/questions/560978/configure-multiple-ssl-certificates-in-haproxy|Configure multiple SSL certificates in Haproxy]] | ||
| + | |||
| + | <code> | ||
| + | gate# apt install haproxy | ||
| + | |||
| + | gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey | ||
| + | gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey | ||
| + | gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey | ||
| + | |||
| + | gate# cat /etc/haproxy/haproxy.cfg | ||
| + | </code><code> | ||
| + | ... | ||
| + | frontend ft-gate | ||
| + | mode http | ||
| + | |||
| + | bind *:80 | ||
| + | redirect scheme https code 301 if !{ ssl_fc } | ||
| + | |||
| + | bind *:443 ssl crt /etc/ssl/private/wild.crtkey | ||
| + | # bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey | ||
| + | |||
| + | default_backend bk-kube-ingress | ||
| + | # use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un } | ||
| + | # use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un } | ||
| + | |||
| + | option tcplog | ||
| + | |||
| + | backend bk-kube-ingress | ||
| + | |||
| + | # http-request set-header X-Forwarded-Proto https if { ssl_fc } | ||
| + | # http-request set-header X-Forwarded-Host %[req.hdr(Host)] | ||
| + | # http-request set-header X-Forwarded-Port %[dst_port] | ||
| + | |||
| + | ## http-request add-header X-Real-Ip %[src] # Custom header with src IP | ||
| + | ## option forwardfor # X-forwarded-for | ||
| + | ## http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc } | ||
| + | |||
| + | mode http | ||
| + | balance roundrobin | ||
| + | |||
| + | server kube1 kube1:80 check | ||
| + | server kube2 kube2:80 check | ||
| + | server kube3 kube3:80 check | ||
| + | |||
| + | #backend bk-node-ingress | ||
| + | # mode http | ||
| + | # balance roundrobin | ||
| + | # server node2 node2:80 check | ||
| + | # server node3 node3:80 check | ||
| + | </code><code> | ||
| + | # haproxy -f /etc/haproxy/haproxy.cfg -c | ||
| + | Configuration file is valid | ||
| + | |||
| + | # service haproxy restart | ||
| + | |||
| + | # tail -f /var/log/haproxy.log | ||
| + | # journalctl -f | grep proxy | ||
| + | |||
| + | haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k | ||
| + | </code> | ||
решение_haproxy.txt · Last modified: 2024/04/09 11:27 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
