User Tools
решение_haproxy
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
решение_haproxy [2022/07/20 15:53] val |
решение_haproxy [2024/04/08 14:08] val |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Решение HAProxy ====== | ====== Решение HAProxy ====== | ||
| + | |||
| + | * [[https://www.leaderssl.ru/articles/354-vypolnyaem-ssl-terminatsiyu-s-pomoschyu-haproxy-dlya-ubuntu-14-04|Выполняем SSL-терминацию с помощью HAProxy для Ubuntu 14.04]] | ||
| + | * [[https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-rewrites/|HAProxy config tutorials HTTP rewrites]] | ||
| + | * [[https://serverfault.com/questions/560978/configure-multiple-ssl-certificates-in-haproxy|Configure multiple SSL certificates in Haproxy]] | ||
| <code> | <code> | ||
| - | # apt install haproxy | + | gate# apt install haproxy |
| - | # cat /etc/haproxy/haproxy.cfg | + | gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey |
| + | gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey | ||
| + | gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey | ||
| + | |||
| + | gate# cat /etc/haproxy/haproxy.cfg | ||
| + | </code><code> | ||
| ... | ... | ||
| - | frontend kubernetes-apiserver | + | frontend ft-gate |
| - | mode http | + | mode http |
| - | bind *:83 | + | |
| + | bind *:80 | ||
| + | redirect scheme https code 301 if !{ ssl_fc } | ||
| + | |||
| + | bind *:443 ssl crt /etc/ssl/private/wild.crtkey | ||
| + | # bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey | ||
| + | |||
| + | default_backend bk-kube-ingress | ||
| + | # use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un } | ||
| + | # use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un } | ||
| option tcplog | option tcplog | ||
| - | default_backend kubernetes-apiserver | + | |
| + | backend bk-kube-ingress | ||
| + | |||
| + | # http-request set-header X-Forwarded-Proto https if { ssl_fc } | ||
| + | # http-request set-header X-Forwarded-Host %[req.hdr(Host)] | ||
| + | # http-request set-header X-Forwarded-Port %[dst_port] | ||
| + | |||
| + | ## http-request add-header X-Real-Ip %[src] # Custom header with src IP | ||
| + | ## option forwardfor # X-forwarded-for | ||
| + | ## http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc } | ||
| - | backend kubernetes-apiserver | ||
| mode http | mode http | ||
| balance roundrobin | balance roundrobin | ||
| - | server node1 node1:30758 check | + | |
| - | server node2 node2:30758 check | + | server kube1 kube1:80 check |
| - | server node3 node3:30758 check | + | server kube2 kube2:80 check |
| - | + | server kube3 kube3:80 check | |
| + | |||
| + | #backend bk-node-ingress | ||
| + | # mode http | ||
| + | # balance roundrobin | ||
| + | # server node2 node2:80 check | ||
| + | # server node3 node3:80 check | ||
| + | </code><code> | ||
| # haproxy -f /etc/haproxy/haproxy.cfg -c | # haproxy -f /etc/haproxy/haproxy.cfg -c | ||
| Configuration file is valid | Configuration file is valid | ||
| Line 24: | Line 58: | ||
| # service haproxy restart | # service haproxy restart | ||
| - | # curl http://localhost:83/ | + | # tail -f /var/log/haproxy.log |
| + | # journalctl -f | grep proxy | ||
| + | |||
| + | haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k | ||
| </code> | </code> | ||
решение_haproxy.txt · Last modified: 2024/04/09 11:27 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
