我安装了带有Proxmox和一些lxc容器的服务器。在此服务器上,几个域应仅使用一个公共IP运行。目前,我正在尝试使用HAProxy实现反向代理,但是它不允许子文件夹或变量。
例如,这种访问是不可能的: domain.tld / css / default.css domain.tld / system / login
如何允许所有连接?
我的配置:
frontend http_in
mode tcp
bind *:80
bind *:443
tcp-request inspect-delay 5s
acl sslv3 req.ssl_ver 3
tcp-request content reject if sslv3
tcp-request content accept if { req_ssl_hello_type 1 }
acl web1 hdr(host) -i domain1.tld
acl web2 hdr(host) -i domain2.tld
use_backend web1 if web1
use_backend web2 if web2
backend web1
mode tcp
server web1 10.10.10.110
backend web2
mode tcp
server web2 10.10.10.112
非常感谢您。
答案 0 :(得分:1)
根据此链接:
https://discourse.haproxy.org/t/tcp-with-acl-possible/283/2
您应该在前端将mode设置为http(不是tcp),以使hdr(主机)ACL正常工作。我正在使用类似的配置,而将模式设置为http则没有任何问题。
代理操作正常后,路径(后缀)应该没有问题。
答案 1 :(得分:0)
haproxy.service - HAProxy Load Balancer
Loaded: loaded (/lib/systemd/system/haproxy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2018-12-12 14:03:06 UTC; 6s ago
Docs: man:haproxy(1)
file:/usr/share/doc/haproxy/configuration.txt.gz
Process: 4294 ExecStart=/usr/sbin/haproxy-systemd-wrapper -f $CONFIG -p $PIDFILE $EXTRAOPTS (code=exited, status=0/SUCCESS)
Process: 4322 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=1/FAILURE)
Main PID: 4294 (code=exited, status=0/SUCCESS)
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Control process exited, code=exited status=1
Dec 12 14:03:06 haproxy systemd[1]: Failed to start HAProxy Load Balancer.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Unit entered failed state.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Failed with result 'exit-code'.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Service hold-off time over, scheduling restart.
Dec 12 14:03:06 haproxy systemd[1]: Stopped HAProxy Load Balancer.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Start request repeated too quickly.
Dec 12 14:03:06 haproxy systemd[1]: Failed to start HAProxy Load Balancer.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Unit entered failed state.
Dec 12 14:03:06 haproxy systemd[1]: haproxy.service: Failed with result 'exit-code'.
Dec 12 14:03:06 haproxy haproxy[4320]: [ALERT] 345/140306 (4320) : Fatal errors found in configuration.
Dec 12 14:03:06 haproxy haproxy[4321]: [ALERT] 345/140306 (4321) : http frontend 'http_in' (/etc/haproxy/haproxy.cfg:41) tries to use incompatible tcp backend 'web1' (/etc/haproxy/haproxy.cfg:61) in a 'use_backend' rule (see 'mode').
Dec 12 14:03:06 haproxy haproxy[4321]: [ALERT] 345/140306 (4321) : http frontend 'http_in' (/etc/haproxy/haproxy.cfg:41) tries to use incompatible tcp backend 'web2' (/etc/haproxy/haproxy.cfg:65) in a 'use_backend' rule (see 'mode').
Dec 12 14:03:06 haproxy haproxy[4321]: [ALERT] 345/140306 (4321) : Fatal errors found in configuration.
Dec 12 14:03:06 haproxy haproxy[4322]: [ALERT] 345/140306 (4322) : http frontend 'http_in' (/etc/haproxy/haproxy.cfg:41) tries to use incompatible tcp backend 'web1' (/etc/haproxy/haproxy.cfg:61) in a 'use_backend' rule (see 'mode').
Dec 12 14:03:06 haproxy haproxy[4322]: [ALERT] 345/140306 (4322) : http frontend 'http_in' (/etc/haproxy/haproxy.cfg:41) tries to use incompatible tcp backend 'web2' (/etc/haproxy/haproxy.cfg:65) in a 'use_backend' rule (see 'mode').
我明白什么地方不对吗?