Linux下haproxy代理https

//haproxy 系統、SELinux關閉、firewall關閉
CentOS Linux release 7.7.1908 (Core)

//web server 系統、SELinux關閉、firewall關閉
CentOS Linux release 7.7.1908 (AltArch)
注:SSL證書配置在web server上,haproxy本身不持有證書。上述兩台主機的SELinux與firewall均已關閉;若用於正式環境,建議保持開啟,並只放行所需端口(本文為80、443、9800)。

//使用的域名 webb.hgtop.xyz	解析到 haproxy代理
綜述:
haproxy代理https有兩種方式:
1)haproxy服務器本身提供ssl證書(在haproxy上終止SSL),後面的web服務器走正常的http
2)haproxy服務器本身只提供代理(mode tcp,原樣轉發加密流量),後面的web服務器走https(配置ssl證書)
這裏使用第2種方式。此方式下haproxy看不到HTTP內容,無法依據URL或請求頭做轉發,也無法加入X-Forwarded-For。
//haproxy操作
# yum -y install haproxy
# whereis haproxy
haproxy: /usr/sbin/haproxy /etc/haproxy /usr/share/haproxy /usr/share/man/man1/haproxy.1.gz
//後附配置文件/etc/haproxy/haproxy.cfg;啟動前可先執行 haproxy -c -f /etc/haproxy/haproxy.cfg 檢查配置語法
# systemctl enable haproxy
# systemctl start haproxy

//[web server配置及安裝參考我的另一篇博文](https://blog.csdn.net/qq_35590198/article/details/97391655)
# cat /etc/haproxy/haproxy.cfg	//haproxy配置文件示例

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # Process-wide settings: logging target, privilege drop, connection cap
    # and the runtime stats socket.
    #
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    # NOTE(review): the stock text above names facility local2, but the 'log'
    # line below sends to local6 -- the syslog rule has to match local6.* or
    # these messages will not reach the file.
    # NOTE(review): the '-r' / SYSLOGD_OPTIONS steps describe the old
    # sysklogd; CentOS 7 normally ships rsyslog, where UDP reception is
    # enabled in /etc/rsyslog.conf instead -- confirm for your host.
    log         127.0.0.1 local6

    # After start-up the process chroots into /var/lib/haproxy and runs as
    # the unprivileged haproxy user/group, in the background (daemon).
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     65535
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # No 'mode' or 'level' is given here, so HAProxy's defaults apply.
    # NOTE(review): consider setting both explicitly so that only the
    # intended local account can query or control the process.
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # Inherited by every frontend/backend/listen section below unless that
    # section overrides the value (the 443 sections override 'mode').
    mode                    http
    log                     global
    # NOTE(review): httplog is an HTTP-mode log format; for the tcp-mode
    # sections HAProxy is expected to fall back to TCP logging -- verify in
    # the start-up warnings.
    option                  httplog
    # Connections that carry no data are not logged.
    # NOTE(review): on an Internet-facing listener this also hides port
    # scans and empty probes from the logs -- decide whether that is wanted.
    option                  dontlognull
    option http-server-close
    # forwardfor is commented out, so no X-Forwarded-For header is added and
    # the web server sees HAProxy's address as the client for port 80 too.
    # NOTE(review): enable it if the backend's access logs need the real
    # client address.
    #option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    # Upper bound on how long a client may take to send a complete request;
    # this limits how long slow or stalled requests can hold a connection.
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 65535

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main
    # Plain-HTTP listener on every interface, port 80.
    bind *:80
    mode http
    # Requests are passed as cleartext HTTP to nginx_80; nothing in this
    # section redirects clients to HTTPS.
    # NOTE(review): if the site is meant to be HTTPS-only, a
    # 'redirect scheme https' rule here would avoid serving content over
    # port 80 -- confirm the intended behaviour.
    default_backend nginx_80

#---------------------------------------------------------------------
# listen ssl
#---------------------------------------------------------------------
frontend https_frontend
    # TLS passthrough: the bind line carries no certificate and the section
    # runs in tcp mode, so HAProxy relays the encrypted stream unchanged and
    # TLS is terminated by the web server behind nginx_443.
    # Consequence: no HTTP-level inspection, header insertion or per-URL
    # rules are possible here, and the backend sees HAProxy's address as the
    # peer. NOTE(review): the PROXY protocol can carry the client address in
    # tcp mode, but only if the web server is configured to accept it.
    bind *:443
    mode tcp
    default_backend nginx_443

#---------------------------------------------------------------------
# backends: source-address balancing towards the web server
# (the stock header said "round robin", but 'balance source' is used)
#---------------------------------------------------------------------
backend nginx_80
    # 'balance source' picks the server from the client address; with the
    # single server defined below it has no visible effect.
    balance     source
    mode    http
    option  httpclose
    # 'localhost' is only the label of this server entry; traffic goes to
    # 192.168.1.17:80. 'check' enables health checks and 'fall 3' marks the
    # server down after three consecutive failed checks.
    server  localhost 192.168.1.17:80 check weight 3 maxconn 65535 fall 3

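backend nginx_443
    # TCP passthrough backend for HTTPS: the encrypted stream from
    # https_frontend is relayed as-is to the web server, which holds the
    # certificate and terminates TLS.
    balance     source
    mode    tcp
    # No 'option httpclose' here: it is an HTTP-mode option and is ignored
    # (with a start-up warning) in a tcp-mode backend.
    # 'localhost' is only the label of this server entry; traffic goes to
    # 192.168.1.17:443. 'check' performs a plain TCP connect check, so it
    # confirms the port is open but not that the TLS service is healthy.
    server  localhost 192.168.1.17:443 check weight 3 maxconn 65535 fall 3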

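#---------------------------------------------------------------------
# listen status: built-in statistics / administration page
#---------------------------------------------------------------------
listen haproxy_status
    # Listens on every interface over plain HTTP, so the Basic-auth
    # credentials below cross the network unencrypted.
    # NOTE(review): bind to a management address or filter port 9800 so the
    # page is reachable only from trusted hosts.
    bind *:9800
    mode http
    option httplog
    maxconn 200
    stats refresh 120s
    log 127.0.0.1 local0 err
    stats uri /haproxy-status
    # NOTE(review): the realm string looks like it lost its escaped spaces
    # when the page was published -- verify what HAProxy actually presents.
    stats realm welcome login\haproxy
    # Placeholder, not a working secret: set a long, unique password before
    # deploying. A short numeric password on an exposed port is trivially
    # guessable.
    stats auth admin:REPLACE_WITH_STRONG_PASSWORD
    stats hide-version
    # Admin actions (enabling/disabling servers) are allowed only for
    # requests coming from the loopback address; 'if TRUE' would grant them
    # to every client that passes authentication. Viewing the page is
    # unaffected.
    stats admin if LOCALHOST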
    
//測試:通過瀏覽器訪問 http://<haproxy的IP>:9800/haproxy-status ,以 stats auth 設定的帳號密碼登入後,可在代理狀態頁面查看後端服務狀態
//通過域名 webb.hgtop.xyz 即可訪問後端web服務