如何在haproxy https 代理配置可以正向代理https

来源:蜘蛛抓取(WebSpider) 时间:2017-06-03 03:42 标签: haproxy https
Nginx不支持https的正向代理 | Nginx |
_数据库_运维_开发_IT学习_无忧IT学习网
一起学习!一起进步!
Nginx不支持https的正向代理
浏览: 227 views
nginx虽然很好,但也不是万能的,&只做自己最擅长的或许才是聪明的选择&.
最近用nginx尝试搭建了proxy代理内部机器上网,nginx基于http的代理确实非常不错,性能真没得说。不过访问https时问题来了,登陆不了...
虽然很好,但也不是万能的,&只做自己最擅长的或许才是聪明的选择&.
最近用尝试搭建了proxy代理内部机器上网,基于http的代理确实非常不错,性能真没得说。不过访问https时问题来了,登陆不了,日志中会有很多这样的记录:
192.168.0.120 & – [01/Nov/:39 +0000] &CONNECT :443 HTTP/1.0&P 400 166 &-& &-&
192.168.0.120 & – [01/Nov/:39 +0000] &CONNECT :443 HTTP/1.0&P 400 166 &-& &-&
192.168.0.120 & – [01/Nov/:39 +0000] &CONNECT :443 HTTP/1.0&P 400 166 &-& &-&
192.168.0.120 & – [01/Nov/:39 +0000] &CONNECT :443 HTTP/1.0&P 400 166 &-& &-&
问了google大神半天,偶然看到了作者Igor Sysoev的解答:http://forum..org/read.?2,#msg-15256
Q:I suspect
has not been designed to be used as a forward proxy. If
won&t foot the bill, can anyone recommend a free solution please?
has not been disigned as a forward proxy. You should try squid
which was a forward proxy from the very start.
Q:Is there any schedule to support the feathure, forward proxy ?
A:Not in near future: there is alreay good forward proxy Squid.
看来还得继续使用Squid,proxy中的战斗机。
& | & & | & & | & & | & & | & & | & & | & & | & & | & & | & & | & & | & & | &
最热门文章
41259 views
10919 views
9976 views
6395 views
5960 views
4777 views
4118 views
4056 views
友情链接 |
本站进行131次查询推荐这篇日记的豆列
&&&&&&&&&&&&127.0.0.1 local0
/var/lib/haproxy
#chroot运行路径
/var/run/haproxy.pid
#haproxy 进程PID文件
#默认最大连接数,需考虑ulimit-n限制
#以后台形式运行harpoxy
& & & ssl-default-bind-ciphers&TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH& & & ssl-default-bind-options no-sslv3 no-tls-tickets
tune.ssl.default-dh-param 2048
ssl-server-verify none
stats socket /var/lib/haproxy/stats
forwardfor
dontlognull #不记录健康检查日志信息
redispatch
#当serverId对应的服务器挂掉后,强制定向到其他健康的服务器,以后将不支持
#两次连接失败就认为是服务器不可用,也可以通过后面设置
timeout connect
timeout client
#客户端超时
timeout server
#服务器超时
#默认最大连接数,需考虑ulimit-n限制
########统计页面配置########
listen admin_stats
0.0.0.0:5000
#设置Frontend和Backend的组合体,监控组的名称,按需要自定义名称
#http的7层模式
refresh 30s
#统计页面自动刷新时间
#统计页面url
Cloud\Haproxy
#统计页面密码框上提示文本
admin:admin
#设置监控页面的用户和密码:admin,可以设置多个用户名
hide-version
#隐藏统计页面上HAProxy的版本信息
admin if TRUE
#设置手工启动/禁用,后端服务器(haproxy-1.4.9以后版本)
########frontend前端配置##############
########backend后端配置##############
listen http_80
bind 0.0.0.0:80
balance leastconn
log global
log-format "%Tl",%{+Q}ci,"%fi:%fp",%{+Q}bi,%{+Q}r,%ST,%B,%{+Q}hr,%Tt
option httpclose
option forwardfor
option http-server-close
capture request header Host len 255
capture request header User-Agent len 255
capture request header Referer len 255
capture request header Cookie len 255
timeout http-request 50s
timeout http-keep-alive 55s
server http_80_web1_80 192.168.6.15:80 cookie web1_80 weight 10 check inter 3000 rise 3 fall 5
server http_80_web2_80 192.168.6.16:80 cookie web2_80 weight 10 check inter 3000 rise 3 fall 5
acl ericdress_com hdr(host) -m
redirect prefix http:// code 301 if ericdress_com
########tcp配置#################
listen https_443
bind *:443 ssl crt /etc/ssl/certs/eric.pem
#需要设置证书文件的位置
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
#增加http头
capture request header Host len 255
capture request header User-Agent len 255
capture request header Referer len 255
capture request header Cookie len 255
timeout http-request 50s
timeout http-keep-alive 55s
server http_443_web1_443 192.168.6.15:443 ssl cookie web1_443 weight 10 check inter 3000 rise 3 fall 5
server http_443_web2_443 192.168.6.16:443 ssl cookie web2_443 weight 10 check inter 3000 rise 3 fall 5
阅读(...) 评论()鎵?竴鎵?紝璁块棶寰?ぞ鍖

我要回帖

更多关于 haproxy https 的文章

 

随机推荐