User Tools
решение_haproxy
Решение HAProxy
gate# apt install haproxy gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey gate# cat /etc/haproxy/haproxy.cfg
...
frontend ft-gate
mode http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
bind *:443 ssl crt /etc/ssl/private/wild.crtkey
# bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey
default_backend bk-kube-ingress
# use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un }
# use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un }
option tcplog
backend bk-kube-ingress
# http-request set-header X-Forwarded-Proto https if { ssl_fc }
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
# http-request set-header X-Forwarded-Port %[dst_port]
## http-request add-header X-Real-Ip %[src] # Custom header with src IP
## option forwardfor # X-forwarded-for
## http-request set-uri https://%[req.hdr(Host)]%[path]?%[query] if { ssl_fc }
mode http
balance roundrobin
server kube1 kube1:80 check
server kube2 kube2:80 check
server kube3 kube3:80 check
#backend bk-node-ingress
# mode http
# balance roundrobin
# server node2 node2:80 check
# server node3 node3:80 check
# haproxy -f /etc/haproxy/haproxy.cfg -c Configuration file is valid # service haproxy restart # tail -f /var/log/haproxy.log # journalctl -f | grep proxy # ###haproxy -f /etc/haproxy/haproxy.cfg -d haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k
решение_haproxy.txt · Last modified: 2024/08/12 07:51 by val
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
