我在haproxy(版本1.7.1)和nginx(版本1.10.1),openssl(1.0.2j)上配置了http / 2,结果是http / 2工作nginx但是当配置nginx是haproxy的后端服务器时所以不工作 这是我在haproxy和nginx上的配置:
###frontend#####
frontend https-in
bind *:443 ssl crt /build/ssl/ants.vn.pem alpn h2,http/1.1
acl backend_http2 hdr_beg(host) -i ants.vn
use_backend backend_http2 if { ssl_fc_alpn -i h2 }
###backend#########
# v1.backend_http2
backend backend_http2
mode tcp
fullconn 100000
balance roundrobin
option redispatch
option abortonclose
option httpclose
option forwardfor
compression algo gzip
compression type text/cmd text/css text/csv text/html text/javascript text/plain text/vcard text/xml application/json application/x-www-form-urlencoded application/javascript application/x-javascript
server ants.vn 192.168.2.140:8087 check send-proxy weight 1 maxconn 8192 check ssl verify none
+backend Nginx
server {
client_max_body_size 50m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
listen 8087 ssl http2 proxy_protocol;
server_name ants.vn;
ssl on;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_certificate /build/ssl/ants.vn.crt;
ssl_certificate_key /build/ssl/ants.vn.key;
access_log /data/www/logs/ants.vn_access.log;
error_log /data/www/logs/ants.vn_error.log;
port_in_redirect off;
set_real_ip_from 192.168.2.0/24;
real_ip_header proxy_protocol;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /demo {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Forwarded-Proto tcp;
proxy_set_header X-NginX-Proxy true;
index index.html;
try_files $uri $uri/ /demo/index.php?$args;
root /data/www/public_html/v1.mon.adx.vn;
}
+从后端Nginx运行时的结果(确定)
答案 0 :(得分:0)
看起来你加密了两次连接。 仅在Haproxy上卸载SSL就像在此处描述的那样:https://ispire.me/http2-ssl-offloading-with-haproxy-and-nginx/