"Haproxy: Configuring multiple certificates": difference between revisions

From www.yakakliker.org
No edit summary
Ligne 92 : Ligne 92 :
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
  haproxy -f /etc/haproxy/haproxy.cfg -c
  haproxy -f /etc/haproxy/haproxy.cfg -c
</syntaxhighlight>
=== Création des certificats Let's encrypt pour HAproxy ===
<syntaxhighlight lang="bash">
cat fullchain.pem privkey.pem > example.com.pem
</syntaxhighlight>
</syntaxhighlight>
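Review bot: the added line "cat fullchain.pem privkey.pem > example.com.pem" does not say where it is run or where the result belongs. Both inputs are relative paths and the output is called example.com.pem, while the configuration on this page loads /etc/haproxy/cert/www.yakakliker.org.pem and /etc/haproxy/cert/openproject.yakakliker.org.pem. Suggest naming the source directory, writing to the path the crt options use, and adding a line on file permissions, since the combined file contains the private key.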


Ligne 98 : Ligne 103 :


https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1
https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1
https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file


[[Catégorie:Haproxy]]
[[Catégorie:Haproxy]]
[[Catégorie:SSL]]
[[Catégorie:SSL]]
[[Catégorie:Proxy]]
[[Catégorie:Proxy]]
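Review bot: the Stack Overflow URL added to the link list is bare, like the gist link above it. A short label saying that it covers HAProxy being unable to load the private key from a PEM file, plus a pointer to it from the new certificate section, would tell readers when to follow it.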

Revision as of 15:21, 27 May 2024

Example configuration

frontend http
    bind *:80

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl 

    acl guacamole_acl hdr(host) guacamole.yakakliker.org
    use_backend backend3 if guacamole_acl


frontend https
    bind *:443 ssl crt /etc/haproxy/cert/www.yakakliker.org.pem crt /etc/haproxy/cert/openproject.yakakliker.org.pem

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    mode http
    option httplog

    http-request redirect scheme https code 301 unless { ssl_fc }

    acl yaka_acl  hdr(host)   www.yakakliker.org
    use_backend backend1 if yaka_acl

    acl openproject_acl  hdr(host)   openproject.yakakliker.org
    use_backend backend2 if openproject_acl


backend backend1
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache


    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.100:80 check
    server web-server2  192.168.2.100:80 check


backend backend2
    balance roundrobin
    mode http

    filter cache mycache
    http-request cache-use mycache
    http-response cache-store mycache

    option httpchk GET /
    default-server inter 3s fall 3 rise 2
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.200:80 check
    server web-server2  192.168.2.200:80 check


backend backend3
    mode http
    balance source
    option httpchk GET /
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server web-server1  192.168.1.150:80 maxconn 32

Testing the configuration

 haproxy -f /etc/haproxy/haproxy.cfg -c

Creating Let's Encrypt certificates for HAProxy

cat fullchain.pem privkey.pem > example.com.pem
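
Added example, not part of the original page: a POSIX shell version of the step above that builds one bundle per domain, creates it with owner-only permissions because it contains the private key, and renames it into place atomically. The function names and the certbot-style live/<domain>/ source layout are assumptions; the target directory and domain names in the usage comment are the ones from the configuration above.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: certbot's default layout LIVE_DIR/DOMAIN/{fullchain.pem,privkey.pem}.
# build_haproxy_pem and build_all are hypothetical helper names.

# build_haproxy_pem LIVE_DIR CERT_DIR DOMAIN
# Writes CERT_DIR/DOMAIN.pem: certificate chain first, then the private key.
build_haproxy_pem() {
    live_dir=$1 cert_dir=$2 domain=$3
    chain="$live_dir/$domain/fullchain.pem"
    key="$live_dir/$domain/privkey.pem"
    out="$cert_dir/$domain.pem"

    # Refuse to build a bundle from missing or swapped input files.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || {
        echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "no private key in $key" >&2; return 1; }

    # The bundle holds the private key: create it with mode 0600, write to a
    # temporary file, then rename so HAProxy never reads a half-written bundle.
    tmp="$out.tmp.$$"
    ( umask 077 && cat "$chain" "$key" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out" || { rm -f "$tmp"; return 1; }
}

# build_all LIVE_DIR CERT_DIR DOMAIN...
# Stops at the first domain that fails so a broken bundle is never deployed.
build_all() {
    live_dir_all=$1 cert_dir_all=$2; shift 2
    for d in "$@"; do
        build_haproxy_pem "$live_dir_all" "$cert_dir_all" "$d" || return 1
    done
}

# Usage (run as root, then validate before reloading HAProxy):
#   build_all /etc/letsencrypt/live /etc/haproxy/cert \
#       www.yakakliker.org openproject.yakakliker.org \
#     && haproxy -f /etc/haproxy/haproxy.cfg -c
```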

Links

https://docs.haproxy.org/

https://gist.github.com/urodoz/d7796cec6d47566439ba3d8ecce962f1

https://stackoverflow.com/questions/27947982/haproxy-unable-to-load-ssl-private-key-from-pem-file