我无法让haproxy强制使用https。它适用于http和https。我希望它强制使用443端口。当我尝试使用.htaccess强制它时,它会显示“To many redirects”
这是我的haproxy.cfg:
global
log 127.0.0.1 local2
maxconn 2048
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
defaults
timeout server 86400000
timeout connect 86400000
timeout client 86400000
timeout queue 1000s
listen premierdis
bind 192.168.1.200:80
bind 192.168.1.200:443 ssl crt /root/.ssl/website.com.pem ciphers TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
mode http
rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if { ssl_fc }
stats enable
stats uri /haproxy?stats
stats realm STATS
stats auth user:pass
balance source
option http-server-close
timeout http-keep-alive 3000
reqidel ^X-Real-IP:
option forwardfor header X-Real-IP
reqadd X-Forwarded-Proto:\ https
server srvg-webc-11 192.168.1.21:80 check
server srvg-webc-12 192.168.1.22:80 check
server srvg-webc-13 192.168.1.23:80 check
答案 0 :(得分:2)
如果您将配置拆分为HTTP的一个部分和HTTPS的一个部分,则可以使用HTTP部分中的redirect scheme将客户端重定向为使用HTTPS。
global
log 127.0.0.1 local2
maxconn 2048
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
defaults
timeout server 86400000
timeout connect 86400000
timeout client 86400000
timeout queue 1000s
listen premierdis-http
bind 192.168.1.200:80
mode http
redirect scheme https if !{ ssl_fc }
listen premierdis
bind 192.168.1.200:443 ssl crt /root/.ssl/website.com.pem ciphers TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
mode http
stats enable
stats uri /haproxy?stats
stats realm STATS
stats auth user:pass
balance source
option http-server-close
timeout http-keep-alive 3000
reqidel ^X-Real-IP:
option forwardfor header X-Real-IP
reqadd X-Forwarded-Proto:\ https
server srvg-webc-11 192.168.1.21:80 check
server srvg-webc-12 192.168.1.22:80 check
server srvg-webc-13 192.168.1.23:80 check
希望有所帮助。