我需要使用 tls 创建 haproxy,尽管它可以成功使用 ssl 证书,但我已经完成了以下配置
global
log 127.0.0.1 local0 debug
ssl-default-bind-options no-sslv3 2048
它给出以下错误,请建议我应该在哪里更改
[ALERT] 330/075452 (70779) : parsing [/etc/haproxy/haproxy.cfg:8] : unknown keyword 'ssl-default-bind-options' in 'global' section
[ALERT] 330/075452 (70779) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[WARNING] 330/075452 (70779) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
[ALERT] 330/075452 (70779) : Fatal errors found in configuration.
答案1
尝试:
global
log 127.0.0.1 local0 debug
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
答案2
同样的问题。但我这样做了。
[root@ops ~]# haproxy -vv | grep OpenSSL
Built without OpenSSL support (USE_OPENSSL not set)
因此,需要重新制作haproxy并重新安装它。
tar -zxvf haproxy***.tar.gz
yum install openssl openssl-devel pcre pcre-devel gcc -y
make USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
make install
然后
haproxy check