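I am running a load-balancing server with HAProxy, and on the same machine I use stunnel to provide HTTPS. On the actual web side I have 2 different web pages with similar behaviour, A and B.
Here is the stunnel configuration: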
sslVersion = SSLv3
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid
debug = 7
output = /var/log/stunnel.log
[web_A]
accept = 192.168.5.241:443
connect = 192.168.5.241:80
verify = 1
cert = /etc/stunnel/webA-cert-key.pem
CAfile = /etc/stunnel/cert.ca.pem
key = /etc/ssl/certs/webA-private.key
[web_B]
accept = 192.168.5.242:443
connect = 192.168.5.242:80
cert = /etc/stunnel/webB/webB.cert.pem
key = /etc/ssl/certs/webB/webB.key.pem
CAfile = /etc/stunnel/ca.cert.pem
For HAProxy:
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 100000
    user haproxy
    group haproxy
    daemon
defaults
    log global
    mode http
    option http-server-close
    option httplog
    retries 3
    option redispatch
    maxconn 100000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
listen webA-farm 192.168.5.241:80
    stats enable
    stats auth admin:admin
    stats uri /stats/
    balance roundrobin
    option forwardfor
    cookie JSESSIONID prefix
    server web1 192.168.1.231:80 cookie JSESSIONID_S1 weight 100 check
listen webB-farm 192.168.5.242:80
    stats enable
    stats auth admin:admin
    stats uri /stats/
    balance roundrobin
    option forwardfor
    cookie CL insert indirect nocache
    server web2 192.168.1.233:80 weight 100 check cookie CL2
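It works fine on site A, but it does not work on site B, and that is my problem. I tried using the same type of cookie on both sites, but it did not help. I also regenerated the keys and certificates (I am my own CA), but the problem persists.
What else can I check to solve this?
Thanks.
Edit 1:
Here are the httpd proxy configurations for the two sites:
Web A: here I redirect connections from port 80 to Tomcat port 8020, where Web A lives, and make sure it requests https instead of http: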
NameVirtualHost *:80
<VirtualHost 192.168.1.231:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/
    ServerName webA.com
    ServerAlias webA.com
    ProxyRequests Off
    ProxyPreserveHost On
    RewriteEngine On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^/(.*)$ /Track [R,L]
    #RewriteRule ^(.*)$ http://127.0.0.1:8020/trackA/Track [P,L]
    RewriteCond %{REQUEST_URI} ^/Track$
    RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackA/$1 [P,L]
    RewriteCond %{REQUEST_URI} ^/Track(.*)
    RewriteRule ^/(Track)/(.*)$ http://127.0.0.1:8020/track3/$2 [P,L]
    RewriteCond %{REQUEST_URI} ^.*$
    RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackA/$1 [P,L]
    ProxyPassReverse / /track3/
    #ProxyPassReverse / https://127.0.0.1:8020/trackA/
    ProxyPassReverseCookiePath / /
    #ProxyPassReverseCookiePath / http://192.168.5.241/track3/
    RewriteLog "/var/log/httpd/rewrite.log"
    RewriteLogLevel 5
    ErrorLog "logs/error.log"
    CustomLog "logs/access.log" common
</VirtualHost>
The same for Web B:
NameVirtualHost *:80
<VirtualHost 192.168.1.233:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/
    ServerName webB.com
    ServerAlias webB.com
    ProxyRequests Off
    ProxyPreserveHost On
    RewriteEngine On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^/(.*)$ /Track [R,L]
    RewriteCond %{REQUEST_URI} ^/Track$
    RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackB/$1 [P,L]
    RewriteCond %{REQUEST_URI} ^/repot/(.*)$
    RewriteRule ^/(.*)$ http://192.168.1.121/$1 [P,L]
    RewriteCond %{REQUEST_URI} ^.*$
    RewriteRule ^/(.*)$ http://127.0.0.1:8020/trackB/$1 [P,L]
    #ProxyPassReverse / http://192.168.5.242/
    ProxyPassReverse / /
    ProxyPassReverseCookiePath / /
    RewriteLog "/var/log/httpd/rewrite.log"
    RewriteLogLevel 5
    ErrorLog "logs/errror.log"
    CustomLog "logs/access.log" common
</VirtualHost>
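Edit 2:
When I visit site B, I get this message:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.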
This problem can sometimes be caused by disabling or refusing to accept cookies.
Answer 1
Try setting up haproxy 1.5 and get rid of stunnel
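One way to configure what this answer suggests for site B, as an added example that is not part of the original answer: HAProxy 1.5 terminates TLS itself, so the stunnel `[web_B]` service is no longer needed. The combined PEM path `/etc/haproxy/certs/webB.pem` and the frontend/backend names are assumptions; the addresses, cookie and server line are taken from the question.

```haproxy
# Added example: HAProxy 1.5 with native TLS termination for site B.
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 100000
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option http-server-close
    option forwardfor
    option redispatch
    retries 3
    timeout connect 5000
    timeout client  50000
    timeout server  50000

# TLS listener that replaces "accept = 192.168.5.242:443" in stunnel.
frontend webB-https
    # "crt" expects one PEM file holding the certificate, any chain
    # certificates and the private key (assumed path).
    # "no-sslv3" refuses SSLv3, which the stunnel config pinned.
    bind 192.168.5.242:443 ssl crt /etc/haproxy/certs/webB.pem no-sslv3
    # Pass the client's original scheme on to the backend.
    http-request set-header X-Forwarded-Proto https
    default_backend webB-farm

# Plain-HTTP listener: the only place that knows the client did not use TLS,
# so the http -> https redirect is issued here rather than on the backend.
frontend webB-http
    bind 192.168.5.242:80
    redirect scheme https code 301

backend webB-farm
    balance roundrobin
    cookie CL insert indirect nocache
    server web2 192.168.1.233:80 weight 100 check cookie CL2
```

The backend Apache still receives plain HTTP from HAProxy, so `%{HTTPS}` is off there for every forwarded request; a backend that needs the client's scheme has to test the `X-Forwarded-Proto` header instead.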