HAProxy connecting to Tomcat over SSL

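I am trying to configure HAProxy - Tomcat communication over HTTPS. That is, I need to configure SSL on both HAProxy and Tomcat. I started with Tomcat, and it works fine on port 8443. I imported the client certificate into the browser, and it loads the Tomcat page over SSL. Then I enabled SSL on HAProxy and proxied to Tomcat over SSL. Basically, I need to pass the Tomcat certificate through HAProxy, which is also on SSL (HAProxy(https) <-> Tomcat(https)). But I always get "503 Service Unavailable. No server is available to handle this request." in the browser. Below is my HAProxy configuration. Can anyone help me correct this?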

global
    daemon
    maxconn 256
    log /dev/log    local0
    log /dev/log    local1 debug
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    ssl-server-verify required
    tune.ssl.cachesize 100000
    tune.ssl.lifetime 600
    tune.ssl.maxrecord 1460
    tune.ssl.default-dh-param 2048
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    log global

frontend localhost
    bind *:443 ssl crt /etc/ssl/tomcat/client.pem npn http/1.1,http/1.0
    mode http
    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443
    default_backend nodes

backend nodes
    server mybackendserver 127.0.0.1:8443 ssl verify required ca-file /etc/ssl/tomcat/ca.pem
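
An added example, not part of the original post: a small Python audit of the TLS options carried by HAProxy `server` lines, run over the backend from the question plus two constructed variants. The finding labels, function names and the extra `server` lines are assumptions made for illustration; only options written on the `server` line itself are read (not `default-server`).

```python
# Constructed sample: the backend from the question plus two hypothetical variants.
SAMPLE = """\
backend nodes
    server mybackendserver 127.0.0.1:8443 ssl verify required ca-file /etc/ssl/tomcat/ca.pem
    server novalidate 127.0.0.1:8444 ssl verify none
    server plaintext 127.0.0.1:8080
"""

VALUE_KEYWORDS = {"verify", "ca-file", "crt", "verifyhost", "sni"}  # take one argument

def parse_server(line):
    """Return (name, address, options) for a 'server' line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 3 or tokens[0] != "server":
        return None
    opts, rest, i = {}, tokens[3:], 0
    while i < len(rest):
        key = rest[i]
        takes_arg = key in VALUE_KEYWORDS and i + 1 < len(rest)
        opts[key] = rest[i + 1] if takes_arg else True
        i += 2 if takes_arg else 1
    return tokens[1], tokens[2], opts

def audit(config, default_verify="required"):
    """Map each server name to findings; default_verify mirrors ssl-server-verify."""
    findings = {}
    for line in config.splitlines():
        parsed = parse_server(line)
        if parsed is None:
            continue
        name, _addr, opts = parsed
        notes = []
        if "ssl" not in opts:
            notes.append("plaintext-to-backend")
        else:
            verify = opts.get("verify", default_verify)
            if verify == "none":
                notes.append("backend-cert-not-verified")
            elif "ca-file" not in opts:
                notes.append("verify-required-without-ca-file")
            elif "verifyhost" not in opts and "sni" not in opts:
                # Chain is validated, but any certificate from that CA is accepted.
                notes.append("no-hostname-check")
            if "crt" not in opts:
                # Nothing to present if the backend requests a client certificate.
                notes.append("no-client-cert")
        findings[name] = notes
    return findings

print(audit(SAMPLE))
```
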
