Haproxy 问题 URL 上下文和 SSL

Haproxy 问题 URL 上下文和 SSL

我对 https 前端中带有 path_beg 的 acls 有疑问。

我的环境:

haproxy ==> acl 1 /web1 ===> https://app/web1 haproxy ==> acl 2 /web2 ==> https://app/web2

配置:

frontend https-in
    mode tcp
    bind xxx.xxx.xxx.xxx:443

tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }

  acl host_https-app2 req_ssl_sni -i  app.example.com
  use_backend app2_https  if host_https-app2





  backend app2_https
        mode tcp
        balance source

  stick-table type binary len 32 size 30k expire 30m
  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2

  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello

  tcp-response content accept if serverhello

  stick on payload_lv(43,1) if clienthello

  stick store-response payload_lv(43,1) if serverhello

  option ssl-hello-chk


  server  srv1-HTTPS srv1:443 check
  server  srv2-HTTPS srv2:443 check backup

我的监控示例:

 tcp-check connect port 443
tcp-check send GET\ /web1\ HTTP/1.0\r\n
tcp-check send Host:\ app.example.com\r\n
tcp-check send \r\n
tcp-check expect rstring (2..|3..)

谢谢!

答案1

尝试一下..

frontend https-in
    mode    http
    option  httplog
    bind    xxx.xxx.xxx.xxx:443

    <...>

    use_backend app2_https if { hdr(host) -i app.example.com } { path_beg /web2/ }

    <...>

backend app2_https
    mode    http
    option  httplog        

    <...>

    option  ssl-hello-chk
    server  srv1-HTTPS srv1:443 check
    server  srv2-HTTPS srv2:443 check backup

    <...>

相关内容