我在centos 7上遇到haproxy 1.5.2的问题。 我创建了一个包含私钥和自签名证书的pem文件,但在配置时,haproxy无法启动。
当我按此顺序获得证书时:
-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
我收到以下错误消息:
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Proxy 'test': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:64] (use 'crt').
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: [ALERT] 050/142729 (2218) : Fatal errors found in configuration.
Feb 20 14:27:29 test.net haproxy-systemd-wrapper[2217]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:30:11 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:30:11 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : OpenSSL random data generator initialization failed.
如果我按此顺序拥有它:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY----
-----END PRIVATE KEY-----
我收到以下错误:
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: [ALERT] 050/143011 (2254) : Fatal errors found in configuration.
Feb 20 14:30:11 test.net haproxy-systemd-wrapper[2253]: haproxy-systemd-wrapper: exit, haproxy RC=256
Feb 20 14:36:45 test.net systemd[1]: Starting HAProxy Load Balancer...
Feb 20 14:36:45 test.net systemd[1]: Started HAProxy Load Balancer.
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: haproxy-systemd-wrapper: executing /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -Ds
Feb 20 14:36:45 test.net haproxy-systemd-wrapper[2292]: [ALERT] 050/143645 (2293) : parsing [/etc/haproxy/haproxy.cfg:64] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/certs/haproxy.pem'.
我的前端配置如下所示:
frontend test
bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
mode http
default_backend testnodes
我做错了什么?