HAproxy 配置错误

HAproxy 配置错误

我在 2 个后端服务器上使用 HAproxy 作为负载均衡器。我安装了 SSL 证书,这是我的配置,在重新加载 HAproxy 时会出现大量错误。请帮忙!

这是我的配置:

    global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        tune.ssl.default-dh-param 2048
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend kontentwebsite_in
        bind *:80
        mode http
        redirect location https://example.com/
        redirect prefix http://example.com code 301 if { hdr(host) -$
        default_backend exampleservers_http

frontend www-https
        bind *:443 ssl crt /etc/haproxy/example.crt
        reqadd X-Forwarded-Proto:\ https
        redirect prefix http://example.com code 301 if { hdr(host) -i www$
        default_backend exampleservers_http

    backend exampleservers_http
            redirect prefix  https code 301 if !{ ssl_fc }
            appsession PHPSESSID len 64 timeout 3h request-learn prefix
            balance roundrobin
            mode http
            server web1 ip:80 check
            server web2 ip:80 check

错误如下:

root@....:~# service haproxy reload
 * Reloading haproxy haproxy                                                     [ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:7] : unknown keyword 'tune.ssl.default-dh-param' in 'global' section
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:30] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:34] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:36] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : parsing [/etc/haproxy/haproxy.cfg:40] : 'redirect': error detected while parsing redirect condition.
[ALERT] 007/221946 (2288) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 007/221946 (2288) : Fatal errors found in configuration.
                                                                          [fail]

仅供参考 - HAproxy 版本

HA-Proxy version 1.4.24 2013/06/17
Copyright 2000-2013 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes

Available polling systems :
     sepoll : pref=400,  test result OK
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 4 (4 usable), will use sepoll.

答案1

我重新安装了 HAproxy 1.6,它解决了我遇到的大多数问题,经过一些小的调整,我就可以让它与 SSL 一起工作而没有任何问题。

相关内容