"Haproxy: Configuring multiple certificates": difference between revisions

From www.yakakliker.org
(Page created with « === Exemple de configuration === <syntaxhighlight lang="bash"> frontend yakakliker bind *:80 bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org # filter cache mycache # http-request cache-use mycache # http-response cache-store mycache mode http option httplog acl yaka_acl hdr(host) www.yakakliker.org http-request redirect scheme https code 301 unless { ssl_fc } use_backend backend1 if yak... »)
 
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
=== Exemple de configuration ===
=== Exemple de configuration ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
frontend yakakliker
frontend http
     bind *:80
     bind *:80
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org


#    filter cache mycache
    filter cache mycache
#    http-request cache-use mycache
    http-request cache-use mycache
#    http-response cache-store mycache
    http-response cache-store mycache


     mode http
     mode http
     option httplog
     option httplog
    http-request redirect scheme https code 301 unless { ssl_fc }
     acl yaka_acl  hdr(host)  www.yakakliker.org
     acl yaka_acl  hdr(host)  www.yakakliker.org
    http-request redirect scheme https code 301 unless { ssl_fc }
     use_backend backend1 if yaka_acl
     use_backend backend1 if yaka_acl


   
    acl openproject_acl hdr(host)  openproject.yakakliker.org
    use_backend backend2 if openproject_acl
 
     acl guacamole_acl hdr(host) guacamole.yakakliker.org
     acl guacamole_acl hdr(host) guacamole.yakakliker.org
     use_backend backend3 if guacamole_acl
     use_backend backend3 if guacamole_acl




frontend openproject
frontend https
    bind *:80
     bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem
     bind *:443 ssl crt /etc/haproxy/cert/openproject.yakakliker.org.pem name openproject.yakakliker.org


#    filter cache mycache
    filter cache mycache
#    http-request cache-use mycache
    http-request cache-use mycache
#    http-response cache-store mycache
    http-response cache-store mycache


     mode http
     mode http
     option httplog
     option httplog
    http-request redirect scheme https code 301 unless { ssl_fc }
    acl yaka_acl  hdr(host)  www.yakakliker.org
    use_backend backend1 if yaka_acl
     acl openproject_acl  hdr(host)  openproject.yakakliker.org
     acl openproject_acl  hdr(host)  openproject.yakakliker.org
    http-request redirect scheme https code 301 unless { ssl_fc }
     use_backend backend2 if openproject_acl
     use_backend backend2 if openproject_acl


</syntaxhighlight><syntaxhighlight lang="bash">
backend backend1
    balance roundrobin
    mode http
    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache
    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check
backend backend2
    balance roundrobin
    mode http
    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache
    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.200:80 check
    server web-server2  192.168.2.200:80 check
backend backend3
    mode http
    balance source
    option httpchk GET /
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.150:80 maxconn 32




</syntaxhighlight>
=== Test de la configuration ===
<syntaxhighlight lang="bash">
haproxy -f /etc/haproxy/haproxy.cfg -c
</syntaxhighlight>
=== Création des certificats Let's encrypt pour HAproxy ===
<syntaxhighlight lang="bash">
cat fullchain.pem privkey.pem > example.com.pem
</syntaxhighlight>
</syntaxhighlight>


=== Lien ===
=== Lien ===
https://docs.haproxy.org/
https://docs.haproxy.org/
https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1
https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file
[[Catégorie:Haproxy]]
[[Catégorie:SSL]]
[[Catégorie:Proxy]]
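
Review bot: in `frontend http`, `http-request redirect scheme https code 301 unless { ssl_fc }` matches every request because the only bind is `*:80`, so the cache lines and the three `use_backend` rules kept in that frontend never serve a request; the same redirect in `frontend https` never fires because every connection there is TLS. After the redirect, guacamole.yakakliker.org arrives at `frontend https`, which has no ACL for it, no `default_backend`, and no `crt` for that name on its `bind *:443` line. Suggest reducing `frontend http` to the redirect, removing the redirect from `frontend https`, and moving `guacamole_acl` / `use_backend backend3` there together with a certificate for that host.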

Latest revision as of 17 February 2025 at 14:37

Configuration example

frontend http
    bind *:80

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl 

    acl guacamole_acl hdr(host) guacamole.yakakliker.org
    use_backend backend3 if guacamole_acl


frontend https
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl


backend backend1
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache


    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check


backend backend2
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.200:80 check
    server web-server2  192.168.2.200:80 check


backend backend3
    mode http
    balance source
    option httpchk GET /
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.150:80 maxconn 32

Testing the configuration

 haproxy -f /etc/haproxy/haproxy.cfg -c

Creating Let's Encrypt certificates for HAProxy

cat fullchain.pem privkey.pem > example.com.pem
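
The same concatenation with two checks around it, as an added example that is not part of the original page: the private key is compared against the certificate before the bundle is written, and the result is created readable by its owner only. The function name `build_haproxy_pem` and the script name `build_pem.sh` are assumptions; it requires the `openssl` command.

```shell
#!/bin/sh
# Added example. build_haproxy_pem and build_pem.sh are hypothetical names.
# Usage: sh build_pem.sh fullchain.pem privkey.pem /etc/haproxy/cert/example.com.pem
build_haproxy_pem() {
    fullchain=$1; privkey=$2; out=$3

    # Public key carried by the leaf certificate (first block of fullchain.pem).
    cert_pub=$(openssl x509 -in "$fullchain" -noout -pubkey 2>/dev/null) || {
        echo "cannot read a certificate from $fullchain" >&2; return 1; }
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$privkey" -pubout 2>/dev/null) || {
        echo "cannot read a private key from $privkey" >&2; return 1; }

    # Refuse to build a bundle whose key does not belong to the certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 2
    fi

    # mktemp creates the file readable by its owner only; the bundle is
    # renamed into place once complete, so it is never half-written.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if cat "$fullchain" "$privkey" > "$tmp" && chmod 600 "$tmp" \
        && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then
    build_haproxy_pem "$@"
fi
```

Once the bundle is in place, `haproxy -f /etc/haproxy/haproxy.cfg -c` from the previous section confirms that HAProxy can load it.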

Links

https://docs.haproxy.org/

https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1

https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file

