« Haproxy : Configuration de plusieurs certificats » : différence entre les versions
De www.yakakliker.org
Aucun résumé des modifications |
Aucun résumé des modifications |
||
| Ligne 1 : | Ligne 1 : | ||
=== Exemple de configuration === | === Exemple de configuration === | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
frontend | frontend http | ||
bind *:80 | bind *:80 | ||
filter cache mycache | |||
http-request cache-use mycache | |||
http-response cache-store mycache | |||
mode http | mode http | ||
option httplog | option httplog | ||
http-request redirect scheme https code 301 unless { ssl_fc } | |||
acl yaka_acl hdr(host) www.yakakliker.org | acl yaka_acl hdr(host) www.yakakliker.org | ||
use_backend backend1 if yaka_acl | use_backend backend1 if yaka_acl | ||
acl openproject_acl hdr(host) openproject.yakakliker.org | |||
use_backend backend2 if openproject_acl | |||
acl guacamole_acl hdr(host) guacamole.yakakliker.org | acl guacamole_acl hdr(host) guacamole.yakakliker.org | ||
use_backend backend3 if guacamole_acl | use_backend backend3 if guacamole_acl | ||
frontend | frontend https | ||
bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem | |||
bind *:443 ssl crt /etc/haproxy/cert/ | |||
filter cache mycache | |||
http-request cache-use mycache | |||
http-response cache-store mycache | |||
mode http | mode http | ||
option httplog | option httplog | ||
http-request redirect scheme https code 301 unless { ssl_fc } | |||
acl yaka_acl hdr(host) www.yakakliker.org | |||
use_backend backend1 if yaka_acl | |||
acl openproject_acl hdr(host) openproject.yakakliker.org | acl openproject_acl hdr(host) openproject.yakakliker.org | ||
use_backend backend2 if openproject_acl | use_backend backend2 if openproject_acl | ||
| Ligne 38 : | Ligne 46 : | ||
</syntaxhighlight><syntaxhighlight lang="bash"> | </syntaxhighlight><syntaxhighlight lang="bash"> | ||
backend backend1 | backend backend1 | ||
balance | balance roundrobin | ||
mode http | mode http | ||
| Ligne 46 : | Ligne 54 : | ||
option httpchk | |||
http-check expect ! rstatus ^5 | |||
default-server inter 3s fall 3 rise 2 | |||
option forwardfor except 127.0.0.1 | option forwardfor except 127.0.0.1 | ||
http-request add-header X-Forwarded-Proto https if { ssl_fc } | http-request add-header X-Forwarded-Proto https if { ssl_fc } | ||
server web-server1 192.168.1.100:80 | server web-server1 192.168.1.100:80 check | ||
server web-server2 192.168.2.100:80 check | |||
backend backend2 | backend backend2 | ||
balance | balance roundrobin | ||
mode http | mode http | ||
| Ligne 64 : | Ligne 71 : | ||
http-response cache-store mycache | http-response cache-store mycache | ||
option httpchk | |||
http-check expect ! rstatus ^5 | |||
#http-check expect string OK | #http-check expect string OK | ||
#http-check expect string success | #http-check expect string success | ||
| Ligne 73 : | Ligne 80 : | ||
#tcp-check send ping\r\n | #tcp-check send ping\r\n | ||
#tcp-check expect string PONG | #tcp-check expect string PONG | ||
default-server inter 3s fall 3 rise 2 | |||
option forwardfor except 127.0.0.1 | |||
http-request add-header X-Forwarded-Proto https if { ssl_fc } | |||
server web-server1 192.168.1.200:80 check | |||
server web-server2 192.168.2.200:80 check | |||
backend backend3 | |||
mode http | |||
balance source | |||
#option httpchk | |||
option forwardfor except 127.0.0.1 | option forwardfor except 127.0.0.1 | ||
http-request add-header X-Forwarded-Proto https if { ssl_fc } | http-request add-header X-Forwarded-Proto https if { ssl_fc } | ||
server web-server1 192.168.1. | server web-server1 192.168.1.150:80 maxconn 32 | ||
Version du 24 mai 2024 à 15:21
Exemple de configuration
frontend http
bind *:80
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
mode http
option httplog
http-request redirect scheme https code 301 unless { ssl_fc }
acl yaka_acl hdr(host) www.yakakliker.org
use_backend backend1 if yaka_acl
acl openproject_acl hdr(host) openproject.yakakliker.org
use_backend backend2 if openproject_acl
acl guacamole_acl hdr(host) guacamole.yakakliker.org
use_backend backend3 if guacamole_acl
frontend https
bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
mode http
option httplog
http-request redirect scheme https code 301 unless { ssl_fc }
acl yaka_acl hdr(host) www.yakakliker.org
use_backend backend1 if yaka_acl
acl openproject_acl hdr(host) openproject.yakakliker.org
use_backend backend2 if openproject_acl
backend backend1
balance roundrobin
mode http
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
option httpchk
http-check expect ! rstatus ^5
default-server inter 3s fall 3 rise 2
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server web-server1 192.168.1.100:80 check
server web-server2 192.168.2.100:80 check
backend backend2
balance roundrobin
mode http
filter cache mycache
http-request cache-use mycache
http-response cache-store mycache
option httpchk
http-check expect ! rstatus ^5
#http-check expect string OK
#http-check expect string success
#http-check expect status 200
#option tcp-check
#tcp-check send ping\r\n
#tcp-check expect string PONG
default-server inter 3s fall 3 rise 2
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server web-server1 192.168.1.200:80 check
server web-server2 192.168.2.200:80 check
backend backend3
mode http
balance source
#option httpchk
option forwardfor except 127.0.0.1
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server web-server1 192.168.1.150:80 maxconn 32
Test de la configuration
haproxy -f /etc/haproxy/haproxy.cfg -c
