我正在尝试通过 HTTPS 配置 HaProxy - Tomcat 通信。也就是说,我需要在 HaProxy 和 Tomcat 上配置 SSL。我首先使用 Tomcat,它在端口 8443 上运行良好。我在浏览器上导入了客户端证书,它使用 SSL 加载 tomcat 页面。然后我在 HaProxy 上启动 SSL,并通过 SSL 将其代理到 Tomcat。基本上,我需要通过 HaProxy 传递 tomcat 证书,HaProxy 也在 SSL 上(HaProxy(https) <-> Tomcat(https))。但我总是得到503 服务不可用 没有可用的服务器来处理此请求。在浏览器上。以下是我的 haproxy 配置。有人能帮我纠正这个问题吗?
global
daemon
maxconn 256
log /dev/log local0
log /dev/log local1 debug
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl-server-verify required
tune.ssl.cachesize 100000
tune.ssl.lifetime 600
tune.ssl.maxrecord 1460
tune.ssl.default-dh-param 2048
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
log global
frontend localhost
bind *:443 ssl crt /etc/ssl/tomcat/client.pem npn http/1.1,http/1.0
mode http
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
default_backend nodes
backend nodes
server mybackendserver 127.0.0.1:8443 ssl verify required ca-file /etc/ssl/tomcat/ca.pem