"Haproxy : Reverse Proxy https": difference between revisions
From www.yakakliker.org
No edit summary  | 
				No edit summary  | 
				||
| Ligne 37 : | Ligne 37 : | ||
frontend yakakliker  | frontend yakakliker  | ||
     bind *:80  |      bind *:80  | ||
     bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem  |      bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org  | ||
    filter cache mycache  | |||
    http-request cache-use mycache  | |||
    http-response cache-store mycache  | |||
     mode http  |      mode http  | ||
     option httplog  |      option httplog  | ||
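Review bot: The three added cache lines (`filter cache mycache`, `http-request cache-use mycache`, `http-response cache-store mycache`) sit in a frontend that binds both `*:80` and `*:443`, so they apply to cleartext requests as well as TLS ones, and no line visible in this diff declares the `cache mycache` section they refer to. Consider restricting the cache rules with `if { ssl_fc }` and adding the `cache mycache` section (with its `total-max-size` and `max-age`) in the same change.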
| Ligne 44 : | Ligne 49 : | ||
     use_backend backend1 if yaka_acl  |      use_backend backend1 if yaka_acl  | ||
backend backend1  | backend backend1  | ||
    balance roundrobin  | |||
     mode http  |      mode http  | ||
     filter cache mycache  | |||
    http-request cache-use mycache  | |||
    http-response cache-store mycache  | |||
     option httpchk  |      option httpchk  | ||
    http-check expect ! rstatus ^5  | |||
    default-server inter 3s fall 3 rise 2  | |||
     option forwardfor except 127.0.0.1  |      option forwardfor except 127.0.0.1  | ||
     http-request add-header X-Forwarded-Proto https if { ssl_fc }  |      http-request add-header X-Forwarded-Proto https if { ssl_fc }  | ||
     server web-server1    |      server web-server1  192.168.1.100:80 check  | ||
    server web-server2  192.168.2.100:80 check  | |||
</syntaxhighlight>  | </syntaxhighlight>  | ||
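Review bot: The added `http-check expect ! rstatus ^5` keeps a server in rotation on any non-5xx answer, so a backend that answers the probe with 404 or 403 still counts as healthy; `http-check expect status 200` against a known URI would be stricter. The three cache lines added to `backend backend1` also repeat the ones the previous hunk adds to the frontend, and keeping them in one section would make it clearer which rule set decides what is stored and served.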
Revision as of 13:40, 24 May 2024
Approach 1: http/https to http
With this approach, communication with the backend (the destination web server) uses http, and communication with clients uses http or https.
The certificates are hosted only on HAProxy.
frontend yakakliker
    bind *:80
    mode http
    option httplog
    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl
frontend yakakliker_443
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem
    mode http
    option httplog
    acl yaka_acl  hdr(host)   www.yakakliker.org
    redirect scheme https code 301 if !{ ssl_fc }
    use_backend backend1 if yaka_acl
backend backend1
    mode http
    balance source
    option httpchk
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  Adresse_IP:80 maxconn 32
Approach 2: https (only) to http
frontend yakakliker
    bind *:80
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org
    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache
    mode http
    option httplog
    acl yaka_acl  hdr(host)   www.yakakliker.org
    http-request redirect scheme https code 301 unless { ssl_fc }
    use_backend backend1 if yaka_acl
 
backend backend1
    balance roundrobin
    mode http
    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache
    option httpchk
    http-check expect ! rstatus ^5
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check
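Approach 2 refers to a cache named mycache and appends X-Forwarded-Proto with add-header. The variant below is an added example, not the wiki's own configuration: it declares the cache section, places the redirect before any other request rule, keeps the cache rules in the backend only, and uses set-header so that a client-supplied X-Forwarded-Proto is overwritten rather than kept next to the proxy's value. The cache sizes and max-age are assumed values.

```haproxy
# Added example. Cache sizing below is assumed, adjust to the site.
cache mycache
    # Shared memory for the cache, in megabytes
    total-max-size 64
    # Largest cacheable response, in bytes
    max-object-size 1048576
    # Lifetime of a cached object, in seconds
    max-age 60

frontend yakakliker
    bind *:80
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem name www.yakakliker.org
    mode http
    option httplog
    acl yaka_acl  hdr(host)   www.yakakliker.org
    # The redirect is a final action: cleartext requests stop here
    # and never reach the cache or the backend.
    http-request redirect scheme https code 301 unless { ssl_fc }
    use_backend backend1 if yaka_acl

backend backend1
    balance roundrobin
    mode http
    # Cache rules declared once, on the backend side only
    http-request cache-use mycache
    http-response cache-store mycache
    option httpchk
    http-check expect ! rstatus ^5
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    # set-header replaces any X-Forwarded-Proto sent by the client;
    # add-header would leave the client's value in place beside this one.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check
```

Running `haproxy -c -f` on the file validates the syntax and the cache reference before a reload.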
Links
https://wiki.maxcorp.org/configurer-un-reverse-proxy-avec-haproxy-http-https/
https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy#redirect-to-https