热门标签
热门文章
- 1使用vscode进行stm32 HAL库开发_vs code使用hal库
- 2Python酷库之旅-第三方库Pandas(055)
- 3【机器人学】1-3.六自由度机器人工作空间 【附MATLAB代码】_六自由度机器人工作空间matlab
- 4Mysql中的运算符详解。
- 5我遇见的细节使用的注解_alternatenames
- 6Centos 7 一键安装openstack
- 7博客标题: 在 Spring Boot 中使用策略模式实现灵活的订单处理
- 8mysql 使用位运算
- 9洛谷 P1886 滑动窗口 /【模板】单调队列_单调队列洛谷
- 10使用vue-infinite-scroll实现无限滚动_v-infinite-scroll="loadmore" infinite-scroll-disab
当前位置: article > 正文
HAproxy 综合配置http https ws wss_haproxy wss
作者:小惠珠哦 | 2024-08-16 11:09:06
赞
踩
haproxy wss
大家好! 最近因公司业务需求。使用HAproxy充当网关功能,并支持https协议及wss协议(后端服务不再需要做证书处理)。网上找了一些资料,可惜很难找到一个全面的haproxy.cnf模板。经过1天的沉淀,最终将http https ws wss 整合同一个配置文件,同时对外提供服务。现跟大家分享
1 证书生成
#前提条件 先查看haproxy是否支持openssl。如果没有重新编译安装 haproxy -vv make TARGET=linux26 USE_OPENSSL=1 ADDLIB=-lz ldd haproxy | grep ssl #1 生成.csr .key .crt 文件 sudo openssl x509 -req -days 365 -in /etc/ssl/xip.io/xip.io.csr -signkey /etc/ssl/xip.io/xip.io.key -out /etc/ssl/xip.io/xip.io.crt #2 创建servername.pem 证书文件 vi /etc/ssl/certs/servername.pem #内容=/etc/ssl/xip.io/xip.io.crt内容 + /etc/ssl/xip.io/xip.io.key内容 -----BEGIN CERTIFICATE----- MIIB+zCCAWQCCQCEkx8gEiAJ5DANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJY WDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBh bnkgTHRkMB4XDTE5MTEyNTA5MjYzOVoXDTIwMTEyNDA5MjYzOVowQjELMAkGA1UE BhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBD b21wYW55IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArx1Vkq6+G/i1 AvWoEWSiepBt/OigypnFiq9XJkswrl30eP+6Tg+clHaIc3oR2Cf+zVvEa7t0dxLJ Gi3i5DdM2sAdR0ATvnND2sy9Ktp+RUokg7Wql2LdVe0Qx1ZyBW3Tt8FSyvVIdRjG CYb5P82ItQCU8ZC9zra4SASkj//b3AsCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCj PJe01Wsldx3idq4S8VkJ2aJwPVSof5VofOuFOzb9Y18nIguRzJJsQQeaUAf45LvF a16AO0isRvor389U3rm6HI//4Wjzeoe0rG2890naQBK1kV7RWyywHvP+ijN2UMA0 ve6COpThkTUDR1As7YXmjOhONeT35hG70TXEHbKIBw== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQCvHVWSrr4b+LUC9agRZKJ6kG386KDKmcWKr1cmSzCuXfR4/7pO D5yUdohzehHYJ/7NW8Rru3R3EskaLeLkN0zawB1HQBO+c0PazL0q2n5FSiSDtaqX Yt1V7RDHVnIFbdO3wVLK9Uh1GMYJhvk/zYi1AJTxkL3OtrhIBKSP/9vcCwIDAQAB AoGBAIgVArf/hYsVJg2Lu7TwgHdAn8iHOtTW1LVmdxIyIj2Ok/onuK8K4MJarsUW WqGgyxjpNGYIAYS7G351pDl3ZAfb9VhGnOJOXgh+4Fp7Lkm4I7e3iN3DExZeUUZ7 9zbu1IM/prF4CUqvyQ8DBouIojhY045gjk3Zb/To5jbHcbnJAkEA6JuSTxdf3oy7 I1xH/Uxf5aIyj0VTAU4SVP3Ogkjrixa7iaMg11JicBt++f65jXPnzjW/16NF3ob0 VbVeYDCOVwJBAMC5ndbbUecN8FoHey6+IPnRMK/YXWYYKVKtt4/lTsunYB2O5T3H 5RUNFr4Hy/+kM14Ij0XMyTdtf6bbIRaAJ20CQDS5Zq2Ex9dDIPv/49V3ZVlAraMp /ImUL7WSHigL7VAGpBWrozsLUoLEyMBTy61Tc1ybdFOlj6XEA0gWJ0E4YFsCQQCe KndwMnRoFJdxu3wL43u6qkSzu/UC6cdYFDt2u7FMD+QgvfpDFr9Z5HEKqelwtzh0 7r9ugF+Ovq2pqWLhTXGNAkArvKE2HrJf4imOrPoKFoEfNgFL78dDuN+oib4tKd+t Wd3RKLHC/CJ3N0fsl7X8ar2qd8wJOpGXUKbvdUzvpABP -----END RSA PRIVATE KEY-----
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
2 haproxy.cnf
global log 127.0.0.1 local3 maxconn 20480 chroot /usr/local/haproxy uid 1004 #1004为haproxy 用户的uid ,haproxy用户需要自己手动创建 gid 1004 daemon quiet nbproc 1 pidfile /var/run/haproxy.pid defaults log global mode http maxconn 20480 option httplog option httpclose option http-pretend-keepalive option forwardfor option dontlognull option redispatch retries 3 balance roundrobin # balance url_param userid stats uri /haproxy-stats contimeout 5000 clitimeout 50000 srvtimeout 50000 listen http_queue bind *:10535 mode http http-request set-header http_req yes balance roundrobin option httplog option dontlognull option logasap option forwardfor option httpclose option http-pretend-keepalive server http_queue1 192.168.15.56:10535 cookie 1 check inter 2000 rise 3 fall 3 server http_queue2 192.168.10.139:10535 cookie 1 check inter 2000 rise 3 fall 3 frontend https_queueservice bind *:20535 ssl crt /etc/ssl/certs/servername.pem mode http option httpclose option forceclose option http-server-close option forwardfor except 127.0.0.1 reqadd X-Forwarded-Proto:\ https default_backend https_queueservice option httpclose #option http-pretend-keepalive #option httpchk GET /TLS/healthcheck HTTP/1.1\r\nHost:\ #http-check expect status 200 #option httpchk GET /index.html backend https_queueservice mode http balance roundrobin option httpclose option forceclose option http-server-close option forwardfor except 127.0.0.1 cookie SERVERID insert indirect nocache server queueservice_1 192.168.15.56:10535 cookie 1 check inter 2000 rise 3 fall 3 listen http_smagent bind *:11802 mode http balance roundrobin option httplog option dontlognull option logasap option forwardfor option httpclose option http-pretend-keepalive server http_smagent1 192.168.8.151:11802 cookie 1 check inter 2000 rise 3 fall 3 frontend https_smagent bind *:21802 ssl crt /etc/ssl/certs/servername.pem mode http option httpclose option forceclose option http-server-close option forwardfor except 127.0.0.1 reqadd X-Forwarded-Proto:\ https default_backend https_smagent option httpclose #option http-pretend-keepalive #option httpchk GET /TLS/healthcheck HTTP/1.1\r\nHost:\ #http-check expect status 200 #option httpchk GET /index.html backend https_smagent mode http balance roundrobin option httpclose option forceclose option http-server-close option forwardfor except 127.0.0.1 cookie SERVERID insert indirect nocache server queueservice_1 192.168.8.151:11802 cookie 1 check inter 2000 rise 3 fall 3 listen socket-signa-ws mode tcp bind *:10538 balance roundrobin #timeout queue 5000 timeout server 86400000 timeout connect 86400000 server server1 192.168.15.57:10538 check server server2 192.168.10.139:10538 check frontend socket-signa-wss bind *:20538 ssl crt /etc/ssl/certs/servername.pem mode http maxconn 60000 acl host_ws hdr_beg(Host) -i ws. use_backend socket-signa-wss if host_ws acl hdr_connection_upgrade hdr(Connection) -i upgrade acl hdr_upgrade_websocket hdr(Upgrade) -i websocket use_backend socket-signa-wss if hdr_connection_upgrade hdr_upgrade_websocket #default_backend bk_web backend socket-signa-wss balance roundrobin server websrv1 192.168.15.57:10538 maxconn 30000 weight 10 cookie websrv1 check server websrv2 192.168.10.139:10538 maxconn 30000 weight 10 cookie websrv2 check
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小惠珠哦/article/detail/987929
推荐阅读
相关标签
