我在 2 个后端服务器上使用 HAproxy 作为负载均衡器。我安装了 SSL 证书,这是我的配置,在重新加载 HAproxy 时会出现大量错误。请帮忙!
这是我的配置:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
tune.ssl.default-dh-param 2048
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend kontentwebsite_in
bind *:80
mode http
redirect location https://example.com/
redirect prefix http://example.com code 301 if { hdr(host) -$
default_backend exampleservers_http
frontend www-https
bind *:443 ssl crt /etc/haproxy/example.crt
reqadd X-Forwarded-Proto:\ https
redirect prefix http://example.com code 301 if { hdr(host) -i www$
default_backend exampleservers_http
backend exampleservers_http
redirect prefix https code 301 if !{ ssl_fc }
appsession PHPSESSID len 64 timeout 3h request-learn prefix
balance roundrobin
mode http
server web1 ip:80 check
server web2 ip:80 check
错误如下:
root@....:~# service haproxy reload
* Reloading haproxy haproxy [ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:7] : unknown keyword 'tune.ssl.default-dh-param' in 'global' section
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:30] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:34] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:36] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:40] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 007/221946 (2288) : Fatal errors found in configuration.
[fail]
仅供参考 - HAproxy 版本
HA-Proxy version 1.4.24 2013/06/17
Copyright 2000-2013 Willy Tarreau <[email protected]>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
OPTIONS = USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Available polling systems :
sepoll : pref=400, test result OK
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 4 (4 usable), will use sepoll.
答案1
我重新安装了 HAproxy 1.6,它解决了我遇到的大多数问题,经过一些小的调整,我就可以让它与 SSL 一起工作而没有任何问题。