ssl - haproxy - 如何进行虚拟主机和 https 转发?

标签 ssl proxy routes centos haproxy

任何人都可以建议如何使用 haproxy 执行此操作吗?

我有这个 haproxy 设置,我收到 https 请求并将其重定向到 localhost 8888。 但现在我有更多请求我需要申请虚拟主机

https://python.stackoverflow.com = goes to as it is http://localhost:8888
https://cplusplus.stackoverflow.com = goes to /var/www/html/cgi-project
https://chat.stackoverflow.com = goes to /var/www/html/microchat
https://zendframework.stackoverflow.com = goes to /var/www/html/zf2/public

global
    log 127.0.0.1 local0 debug
    maxconn 8000
    user    haproxy
    group   haproxy
defaults
    log     global
    option  httplog
    option  dontlognull
    option  http-server-close
    option  redispatch
    retries 3
    mode    http
    maxconn         5000
    timeout connect  5s
    timeout client  30s
    timeout server  30s
    timeout tunnel  12h
frontend www
    bind     :8881
    option   forwardfor
    redirect scheme https if !{ ssl_fc }
frontend lb
    bind   :8882 ssl crt /etc/stunnel/all.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend  api
    acl is_websocket hdr(Upgrade)  -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws
    acl is_api       hdr_beg(Host) -i api
    use_backend ws  if is_websocket
    use_backend api if is_api
backend api
    balance roundrobin
    server  service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend ws
    balance roundrobin
    server  service 127.0.0.1:8888 weight 1 maxconn 2500 check

最佳答案 

global
    log 127.0.0.1 local0 debug
    maxconn 8000
    user    haproxy
    group   haproxy
defaults
    log     global
    option  httplog
    option  dontlognull
    option  http-server-close
    option  redispatch
    retries 3
    mode    http
    maxconn         5000
    timeout connect  5s
    timeout client  30s
    timeout server  30s
    timeout tunnel  12h
frontend www
    bind     :8881
    option   forwardfor
    redirect scheme https if !{ ssl_fc }
frontend lb
    bind   :443 ssl crt /etc/stunnel/all.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
    option forwardfor
    reqadd X-Forwarded-Proto:\ https
    default_backend  api
    acl is_websocket hdr(Upgrade)  -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws
    acl is_api       hdr_beg(Host) -i api
    acl subdomain    hdr(host) subdomain.domain.com
    use_backend ws  if is_websocket
    use_backend api if is_api
    use_backend sub if subdomain
backend api
    balance roundrobin
    server  service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend ws
    balance roundrobin
    server  service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend sub
    balance roundrobin
    server  service 127.0.0.1:3000 weight 1 maxconn 2500 check

关于ssl - haproxy - 如何进行虚拟主机和 https 转发?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25739849/

上一篇:python - Twisted Python 中的 TLS - 如何创建 server.pem?

下一篇:ubuntu - 我们可以在两个不同的主机上使用一个 SSL 证书吗

相关文章:

wcf - WCF 服务的代理服务器身份验证

authentication - SSL数据和加密cookie的漏洞点有哪些?

ssl - 如何使用 `mongos` 为 `connect-mongo` 通过 TLS/SSL 连接到 `express-session` 实例?

ssl - 如何创建用于测试的旧版(v1 或 v2)X.509 证书

Linux 内核在同一子网数据包上的路由

ruby-on-rails - 在 Hartl 教程之后向 Rails 应用程序添加密码重置功能

Flutter嵌套路由

Java 客户端证书和 keystore

tomcat - 具有多个 tomcat 实例的反向代理的 Nginx 配置

web-applications - Node.js:可用/创建 Web 代理

©2024 IT工具网  联系我们