HAPROXY : <NOSRV> PR - TLS termination fails
I am posting here because I am trying to set up HAProxy as a reverse proxy with SSL/TLS termination, and I get the following error in the logs:

    Oct 17 12:10:03 localhost haproxy[2789]: xxx.xxx.xxx.xxx:33724 [17/Oct/2020:12:10:03.784] www-https www-https/<NOSRV> -1/-1/-1/-1/0 400 188 - - PR-- 1/1/0/0/0 0/0 "<BADREQ>"

And I don't understand why HAProxy is blocking the request.
Can you help me?
Here is my haproxy.cfg:

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 5s
        user haproxy
        group haproxy
        daemon
        tune.ssl.default-dh-param 4096

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        option forwardfor
        option http_proxy
        timeout connect 5000
        timeout client 50000
        timeout server 5000
        stats enable
        stats hide-version
        stats refresh 5s
        stats uri /hastats

    frontend www-http
        bind *:80
        reqadd X-Forwarded-Proto:\ http
        default_backend www-backend
        # Test URI to see if its a letsencrypt request
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl

    frontend www-https
        bind *:8000-9000 crt /etc/haproxy/certs/www.example.com.pem
        bind *:443 crt /etc/haproxy/certs/www.example.com.pem
        reqadd X-Forwarded-Proto:\ https
        default_backend www-backend

    backend www-backend
        mode http
        http-request set-header X-Forwarded-For %[src]
        reqadd X-Forwarded-Proto:\ https
        option http-server-close
        balance roundrobin
        redirect scheme https if !{ ssl_fc }
        server web1 xxx.xxx.xxx.101:80 check
        server web2 xxx.xxx.xxx.102:80 check

    backend letsencrypt-backend
        server letsencrypt 127.0.0.1:8080

Add ssl to the bind line in the www-https frontend, before crt. Without ssl, it works just like plain HTTP. So:

    bind *:443 ssl crt /etc/haproxy/certs/www.example.com.pem
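
The condition described in the answer can be checked mechanically before a reload. The following is an added example, not part of the original question or answer: a small Python check that flags bind lines loading a certificate (crt or crt-list) without the ssl keyword. The sample config is constructed from the question's frontends, and the frontend name fixed-https is hypothetical.

```python
# Added example: flag HAProxy bind lines that load a certificate but never
# enable TLS, so the listener would parse TLS handshakes as plain HTTP.
# Assumption: only explicit "bind" lines are inspected; comment stripping is naive.

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}
CERT_KEYWORDS = {"crt", "crt-list"}

# Constructed sample: the two bind lines from the question's www-https
# frontend, plus the corrected form in a hypothetical "fixed-https" frontend.
SAMPLE_CFG = """\
frontend www-http
    bind *:80
frontend www-https
    bind *:8000-9000 crt /etc/haproxy/certs/www.example.com.pem
    bind *:443 crt /etc/haproxy/certs/www.example.com.pem
frontend fixed-https
    bind *:443 ssl crt /etc/haproxy/certs/www.example.com.pem
"""


def find_plaintext_cert_binds(cfg_text):
    """Return (line_no, section, address) for each bind with a cert but no ssl."""
    findings = []
    section = None
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            section = " ".join(tokens[:2])  # e.g. "frontend www-https"
            continue
        if tokens[0] != "bind" or len(tokens) < 2:
            continue
        options = set(tokens[2:])
        if options & CERT_KEYWORDS and "ssl" not in options:
            findings.append((line_no, section, tokens[1]))
    return findings


if __name__ == "__main__":
    for line_no, section, address in find_plaintext_cert_binds(SAMPLE_CFG):
        print(f"line {line_no}: {section}: bind {address} has a certificate "
              f"but no 'ssl' keyword; TLS will not be terminated here")
```

On the question's config this reports both bind lines in www-https, the *:8000-9000 listener as well as *:443.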