Differences

This shows you the differences between two versions of the page.

--- решение_haproxy [2023/11/27 05:49]
val
+++ решение_haproxy [2024/04/08 14:08]
val
@@ Line 2: / Line 2: @@
   * [[https://www.leaderssl.ru/articles/354-vypolnyaem-ssl-terminatsiyu-s-pomoschyu-haproxy-dlya-ubuntu-14-04|Выполняем SSL-терминацию с помощью HAProxy для Ubuntu 14.04]]
+  * [[https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-rewrites/|HAProxy config tutorials HTTP rewrites]]
+  * [[https://serverfault.com/questions/560978/configure-multiple-ssl-certificates-in-haproxy|Configure multiple SSL certificates in Haproxy]]
 <code>
-# apt install haproxy
+gate# apt install haproxy
-# cat /etc/haproxy/haproxy.cfg
+gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey
+gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey
+gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey
+gate# cat /etc/haproxy/haproxy.cfg
 </code><code>
 ...
-frontend kubernetes-apiserver
+frontend ft-gate
-    mode                 http
+    mode http
-    bind                 *:83
-#    bind                 *:443 ssl crt /etc/ssl/private/gate.crtkey
-    option               tcplog
-    default_backend      kubernetes-apiserver
-backend kubernetes-apiserver
+    bind *:80
+    redirect scheme https code 301 if !{ ssl_fc }
-#    http-request add-header X-Real-Ip %[src] # Custom header with src IP
+    bind *:443 ssl crt /etc/ssl/private/wild.crtkey
-#    http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto
+#    bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey
+    default_backend      bk-kube-ingress
+#    use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un }
+#    use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un }
+    option               tcplog
+backend bk-kube-ingress
+#    http-request set-header X-Forwarded-Proto https if { ssl_fc }
 #    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
 #    http-request set-header X-Forwarded-Port %[dst_port]
-#    option forwardfor # X-forwarded-for
-#    http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc }
+##    http-request add-header X-Real-Ip %[src] # Custom header with src IP
+##    option forwardfor # X-forwarded-for
+##    http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc }
     mode        http
     balance     roundrobin
-    server  node1 node1:30758 check
-    server  node2 node2:30758 check
+    server  kube1 kube1:80 check
-    server  node3 node3:30758 check
+    server  kube2 kube2:80 check
+    server  kube3 kube3:80 check
+#backend bk-node-ingress
+#    mode        http
+#    balance     roundrobin
+#    server  node2 node2:80 check
+#    server  node3 node3:80 check
 </code><code>
 # haproxy -f /etc/haproxy/haproxy.cfg -c
@@ Line 36: / Line 58: @@
 # service haproxy restart
+# tail -f /var/log/haproxy.log
 # journalctl -f | grep proxy
-# curl http://localhost:83/
+haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools