我在端口80 apache服务器上的同一台服务器上作为虚拟主机运行,另一台TCP服务器在端口8888上实时运行。
使用haproxy(到bind :443 ssl crt all.pem ciphers ECDHE
)我能够使端口8888正常工作,但我现在如何将https://www.stackoverflow.com和https://www.google.com流量转移到apache端口80?
backend api
balance roundrobin
server service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend www_stackoverflow_com
balance roundrobin
cookie SERVERID insert nocache indirect
option httpchk HEAD /check.txt HTTP/1.0
option httpclose
option forwardfor
server Server1 www.stackoverflow.com:80 cookie Server1
server Server2 10.1.1.2:80 cookie Server2
backend www_google_com
balance roundrobin
cookie SERVERID insert nocache indirect
option httpchk HEAD /check.txt HTTP/1.0
option httpclose
option forwardfor
server Server1 www.google.com:80 cookie Server1
server Server2 192.168.5.2:80 cookie Server2
答案 0 :(得分:0)
您可以使用以下内容。请有人更新此版本以进行优化。
##############################################
# Global
##############################################
global
log 127.0.0.1 local0 debug
#log 127.0.0.1 local2 info
maxconn 8000
user haproxy
group haproxy
##############################################
# Defaults
##############################################
defaults
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
mode http
maxconn 5000
timeout connect 5s
timeout client 30s
timeout server 30s
timeout tunnel 12h
##############################################
# Frontend - receive http transfer as https
# It creates a frontend that listens on port 8881,
# sets x-forwarded-for and
# redirects all requests on HTTP to their equivalent on HTTPS
# 30 defines a frontend named www,
# 31 has it listen on port 8881,
# 32 has it insert x-forwarded-for: <client ip>,
# 33 redirects to the same location using https if the connection is not ssl
##############################################
frontend www
bind :8881
option forwardfor
redirect scheme https if !{ ssl_fc }
##############################################
# Frontend
##############################################
frontend lb
##############################################
# Chiphers:
# -------------------------------------------
# ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-
# AES256-GCM-SHA384:ECDHE-ECDSA-AES256-
# SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-
# AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-
# SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-
# AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-
# RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-
# RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
#
##############################################
bind :443 ssl crt /root/all.pem ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA
option forwardfor
reqadd X-Forwarded-Proto:\ https
default_backend api
#acl is_websocket hdr(Upgrade) -i WebSocket
acl is_api hdr_beg(Host) -i api
acl is_freeswitch hdr(Host) -i ws.A.com
acl is_turn hdr(Host) -i turn.A.com
acl is_realtime hdr(Host) -i realtime.A.com
acl is_interpretation hdr(Host) -i B.A.com
acl is_B hdr(Host) -i B.A.com
acl is_talk hdr(Host) -i talk.A.com
acl is_italk hdr(Host) -i italk.A.com
acl is_video hdr(Host) -i video.A.com
acl is_js hdr(Host) -i js.A.com
acl is_sip hdr(Host) -i sip.A.com
acl is_demo hdr(Host) -i demo.A.com
acl is_chat hdr(Host) -i chat.A.com
acl is_vnc hdr(Host) -i vnc.A.com
use_backend turn if is_turn
use_backend api if is_api
use_backend realtime if is_realtime
use_backend interpretation if is_interpretation
use_backend B if is_B
use_backend freeswitch if is_freeswitch
use_backend talk if is_talk
use_backend talk if is_italk
use_backend talk if is_video
use_backend js if is_js
use_backend js if is_sip
use_backend js if is_demo
use_backend chat if is_chat
use_backend vnc if is_vnc
##############################################
# Backend - TCP PORTS
# 8888 = signal master
# 3000 = realtime
# 3001 = interpretation
# 3002 = ??
# 3003 = B
# 5066 = freeswitch
##############################################
backend api
balance roundrobin
server service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend turn
balance roundrobin
server service 127.0.0.1:8888 weight 1 maxconn 2500 check
backend realtime
balance roundrobin
server service 127.0.0.1:3000 weight 1 maxconn 2500 check
backend interpretation
balance roundrobin
server service 127.0.0.1:3001 weight 1 maxconn 2500 check
backend B
balance roundrobin
server service 127.0.0.1:3003 weight 1 maxconn 2500 check
backend freeswitch
balance roundrobin
server service 127.0.0.1:5066 weight 1 maxconn 2500 check
backend talk
mode http
balance roundrobin
#option httpclose
option forceclose
server service talk.A.com:80 weight 1 maxconn 2500 check
backend js
balance roundrobin
mode http
#option httpclose
option forceclose
server service js.A.com:80 weight 1 maxconn 2500 check
backend chat
balance roundrobin
mode http
#option httpclose
option forceclose
server service chat.A.com:80 weight 1 maxconn 2500 check
backend vnc
balance roundrobin
mode http
#option httpclose
option forceclose
server service vnc.A.com:80 weight 1 maxconn 2500 check