我在Docker中使用HAProxy:
FROM haproxy:1.8.9
我的配置如下:
global
maxconn 256
log 127.0.0.1 local0
nbproc 1
defaults
log global
mode http
log-format frontend:%f/%H/%fi:%fp\ client:%ci:%cp\ GMT:%T\ body:%[capture.req.hdr(0)]\ request:%r
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
timeout queue 60000ms
timeout http-request 15000ms
timeout http-keep-alive 15000ms
option redispatch
option forwardfor
option http-server-close
# option httplog
# option dontlognull
frontend http-in
bind *:80
bind *:443 ssl crt /secrets/server.pem
redirect scheme https if !{ ssl_fc }
mode http
default_backend splunk_servers
在启动过程中,我得到:
parsing [/usr/local/etc/haproxy/haproxy.cfg:26] : error detected in frontend 'http-in' while parsing redirect rule : error in condition: no such ACL : 'ssl_fc'
你知道为什么吗?
根据HAProxy docs,此ACL应该可用。
当我使用-vv选项运行它时,输出如下所示:
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.1.0f 25 May 2017
Running on OpenSSL version : OpenSSL 1.1.0f 25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
看起来HAProxy是使用SSL构建的,那怎么了?