User Tools
решение_haproxy
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
решение_haproxy [2024/02/27 12:39] val |
решение_haproxy [2024/04/09 11:27] (current) val |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| * [[https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-rewrites/|HAProxy config tutorials HTTP rewrites]] | * [[https://www.haproxy.com/documentation/haproxy-configuration-tutorials/http-rewrites/|HAProxy config tutorials HTTP rewrites]] | ||
| * [[https://serverfault.com/questions/560978/configure-multiple-ssl-certificates-in-haproxy|Configure multiple SSL certificates in Haproxy]] | * [[https://serverfault.com/questions/560978/configure-multiple-ssl-certificates-in-haproxy|Configure multiple SSL certificates in Haproxy]] | ||
| + | * [[https://youtu.be/oIczkkD-hOU|Видео урок: Доступ к приложениям в Bare-Metal Kubernetes]] | ||
| <code> | <code> | ||
| gate# apt install haproxy | gate# apt install haproxy | ||
| - | gate# cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey | + | gate# cat wild.crt wild.key > /etc/ssl/private/wild.crtkey |
| + | gate# ###cat gowebd.crt gowebd.key > /etc/ssl/private/gowebd.crtkey | ||
| gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey | gate# ###cat keycloak.crt keycloak.key > /etc/ssl/private/keycloak.crtkey | ||
| Line 16: | Line 18: | ||
| frontend ft-gate | frontend ft-gate | ||
| mode http | mode http | ||
| + | |||
| bind *:80 | bind *:80 | ||
| - | bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey | + | redirect scheme https code 301 if !{ ssl_fc } |
| + | |||
| + | bind *:443 ssl crt /etc/ssl/private/wild.crtkey | ||
| # bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey | # bind *:443 ssl crt /etc/ssl/private/gowebd.crtkey crt /etc/ssl/private/keycloak.crtkey | ||
| + | |||
| + | default_backend bk-kube-ingress | ||
| # use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un } | # use_backend bk-kube-ingress if { ssl_fc_sni keycloak.corp13.un } | ||
| # use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un } | # use_backend bk-node-ingress if { ssl_fc_sni gowebd.corp13.un } | ||
| - | default_backend bk-kube-ingress | + | |
| option tcplog | option tcplog | ||
| | | ||
| backend bk-kube-ingress | backend bk-kube-ingress | ||
| - | # http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto | + | # http-request set-header X-Forwarded-Proto https if { ssl_fc } |
| # http-request set-header X-Forwarded-Host %[req.hdr(Host)] | # http-request set-header X-Forwarded-Host %[req.hdr(Host)] | ||
| # http-request set-header X-Forwarded-Port %[dst_port] | # http-request set-header X-Forwarded-Port %[dst_port] | ||
| Line 37: | Line 44: | ||
| balance roundrobin | balance roundrobin | ||
| + | server kube1 kube1:80 check | ||
| server kube2 kube2:80 check | server kube2 kube2:80 check | ||
| server kube3 kube3:80 check | server kube3 kube3:80 check | ||
| Line 51: | Line 59: | ||
| # service haproxy restart | # service haproxy restart | ||
| + | # tail -f /var/log/haproxy.log | ||
| # journalctl -f | grep proxy | # journalctl -f | grep proxy | ||
| - | haproxy# curl http://localhost/ -H "Host: gowebd.corpX.un" | + | haproxy# curl https://localhost/ -H "Host: gowebd.corpX.un" -k |
| </code> | </code> | ||
решение_haproxy.1709026747.txt.gz · Last modified: 2024/02/27 12:39 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
