HTTPS URL重定向不使用HaProxy

时间:2015-08-24 21:07:54

标签: ssl https docker reverse-proxy haproxy

我有两个域,每个域都支持HTTP和HTTPS - 我想将它们重定向到正确的端口/服务器。以下配置适用于HTTP但不适用于HTTPS

global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  chroot /var/lib/haproxy
  user haproxy
  group haproxy
  # daemon

defaults
  log global
  mode http
  option httplog
  option dontlognull
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms

frontend http-in
  bind *:80
  acl ui hdr(host) -i app.XYZ.com
  acl api hdr(host) -i api.XYZ.com
  use_backend apiserverHTTP if api
  use_backend uiserverHTTP if ui

frontend https-in
  bind *:443
  acl ui hdr(host) -i app.XYZ.com
  acl api hdr(host) -i api.XYZ.com
  use_backend apiserverHTTPS if api
  use_backend uiserverHTTPS if ui

backend apiserverHTTP
  option tcplog
  balance leastconn
  server apiserver-2 10.132.62.240:31000 check
  server apiserver-1 10.132.62.242:31000 check

backend apiserverHTTPS
  option tcplog
  balance leastconn
  server apiserverS-2 10.132.62.240:31001 check
  server apiserverS-1 10.132.62.242:31001 check

backend uiserverHTTP
  option tcplog
  balance leastconn
  server uiserver-1 10.132.62.240:31002 check

backend uiserverHTTPS
  option tcplog
  balance leastconn
  server uiserverS-1 10.132.62.240:31003 check

HTTP重定向没有问题 - HTTPS不进行任何类型的重定向。如果设置,则失败或降至默认值。

1 个答案:

答案 0 :(得分:0)

试试这个:

frontend http-in
  bind *:80
  bind *:443

  acl ui        hdr(host) -i app.XYZ.com
  acl api       hdr(host) -i api.XYZ.com
  acl http_80   dst_port 80
  acl https_443 dst_port 443

  use_backend apiserverHTTP     if api http_80
  use_backend uiserverHTTP      if ui http_80
  use_backend apiserverHTTPS    if api https_443
  use_backend uiserverHTTPS     if ui https_443

backend apiserverHTTP
  option tcplog
  balance leastconn
  server apiserver-2 10.132.62.240:31000 check
  server apiserver-1 10.132.62.242:31000 check

backend apiserverHTTPS
  option tcplog
  balance leastconn
  server apiserverS-2 10.132.62.240:31001 check
  server apiserverS-1 10.132.62.242:31001 check

backend uiserverHTTP
  option tcplog
  balance leastconn
  server uiserver-1 10.132.62.240:31002 check

backend uiserverHTTPS
  option tcplog
  balance leastconn
  server uiserverS-1 10.132.62.240:31003 check