I have a question about ACLs with path_beg in an https frontend.
My environment:
haproxy ==> acl 1 /web1 ===> https://app/web1
haproxy ==> acl 2 /web2 ==> https://app/web2
Configuration:
frontend https-in
    mode tcp
    bind xxx.xxx.xxx.xxx:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl host_https-app2 req_ssl_sni -i app.example.com
    use_backend app2_https if host_https-app2

backend app2_https
    mode tcp
    balance source
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello
    option ssl-hello-chk
    server srv1-HTTPS srv1:443 check
    server srv2-HTTPS srv2:443 check backup
My monitoring example:
tcp-check connect port 443
tcp-check send GET\ /web1\ HTTP/1.0\r\n
tcp-check send Host:\ app.example.com\r\n
tcp-check send \r\n
tcp-check expect rstring (2..|3..)
Thanks!

Answer 1
Try this..
frontend https-in
    mode http
    option httplog
    bind xxx.xxx.xxx.xxx:443
    <...>
    use_backend app2_https if { hdr(host) -i app.example.com } { path_beg /web2/ }
<...>
backend app2_https
    mode http
    option httplog
    <...>
    option ssl-hello-chk
    server srv1-HTTPS srv1:443 check
    server srv2-HTTPS srv2:443 check backup
<...>
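
Added example (not part of the original question or answer): path_beg is matched against the decrypted HTTP request, so in this sketch the frontend terminates TLS and the backends re-encrypt to the servers on port 443. The certificate and CA file paths and the backend names app_web1/app_web2 are placeholder assumptions; the http-check send syntax assumes HAProxy 2.2 or later.

```haproxy
# Added example. Placeholders (assumptions, not from the post):
#   /etc/haproxy/certs/app.example.com.pem, /etc/haproxy/ca/backend-ca.pem,
#   backend names app_web1 and app_web2.
# From the post: app.example.com, srv1, srv2, /web1, /web2.

frontend https-in
    mode http
    option httplog
    # TLS ends here; without "ssl crt" HAProxy only sees the ClientHello
    # (SNI) and has no HTTP path to match.
    bind xxx.xxx.xxx.xxx:443 ssl crt /etc/haproxy/certs/app.example.com.pem

    acl host_app  hdr(host) -i app.example.com
    # ACL lines sharing a name are ORed: exact /web1 or anything below /web1/.
    # A bare "path_beg /web1" would also match /web10.
    acl path_web1 path /web1
    acl path_web1 path_beg /web1/
    acl path_web2 path /web2
    acl path_web2 path_beg /web2/

    use_backend app_web1 if host_app path_web1
    use_backend app_web2 if host_app path_web2
    # No default_backend: requests matching neither rule get a 503.

backend app_web1
    mode http
    balance source
    # HTTP health check replacing the raw tcp-check sequence.
    option httpchk
    http-check send meth GET uri /web1 ver HTTP/1.1 hdr Host app.example.com
    http-check expect rstatus ^[23]
    # "ssl" re-encrypts to the server; "verify required" validates its certificate.
    server srv1-HTTPS srv1:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check
    server srv2-HTTPS srv2:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check backup

backend app_web2
    mode http
    balance source
    option httpchk
    http-check send meth GET uri /web2 ver HTTP/1.1 hdr Host app.example.com
    http-check expect rstatus ^[23]
    server srv1-HTTPS srv1:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check
    server srv2-HTTPS srv2:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem check backup
```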