Trying to configure letsencrypt auto-renewal with HAProxy

I am trying to get letsencrypt auto-renewal working together with haproxy.

I have followed these instructions: https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04

I get the error:

Attempting to renew cert (api.example.com.nz) from /etc/letsencrypt/renewal/api.example.com.conf produced an unexpected error: Problem binding to port 54321: Could not bind to IPv4 or IPv6. Skipping.

Here is my haproxy config:

 global
            log /dev/log    local0
            log /dev/log    local1 notice
            chroot /var/lib/haproxy
            stats socket /run/haproxy/admin.sock mode 660 level admin
            stats timeout 30s
            user haproxy
            group haproxy
            daemon
            maxconn 2048
            tune.ssl.default-dh-param 2048

            # Default SSL material locations
            ca-base /etc/ssl/certs
            crt-base /etc/ssl/private

            # Default ciphers to use on SSL-enabled listening sockets.
            # For more information, see ciphers(1SSL). This list is from:
            #  https://hynek.me/articles/hardening-yourweb-servers-ssl-ciphers/
            ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:EC$
            ssl-default-bind-options no-sslv3

    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            timeout connect 5000
            timeout client  50000
            timeout server  50000
            errorfile 400 /etc/haproxy/errors/400.http
            errorfile 403 /etc/haproxy/errors/403.http
            errorfile 408 /etc/haproxy/errors/408.http
            errorfile 500 /etc/haproxy/errors/500.http
            errorfile 502 /etc/haproxy/errors/502.http
            errorfile 503 /etc/haproxy/errors/503.http
            errorfile 504 /etc/haproxy/errors/504.http
            option forwardfor
            option http-server-close

    frontend localhost
        bind *:80
        mode http
        reqadd X-Forwarded-Proto:\ http
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        use_backend web1 if { hdr(host) -i example.com }
        use_backend web2 if { hdr(host) -i api.example.com }
        use_backend web1 if { hdr(host) -i www.example.com }


    frontend app_ssl
        bind *:443 ssl crt /etc/haproxy/certs/api.example.com.pem
        reqadd X-Forwarded-Proto:\ https
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        default_backend web2

    backend letsencrypt-backend
       server letsencrypt 127.0.0.1:54321

Can anyone tell me why it is not reaching the backend?

This is configured on a jump box; does that have anything to do with it?

EDIT

LISTEN     0      128    127.0.0.1:3006                     *:*                   users:(("ssh",pid=7608,fd=5))
LISTEN     0      128          *:80                       *:*
LISTEN     0      128          *:22                       *:*
LISTEN     0      128          *:9081                     *:*
LISTEN     0      128          *:9082                     *:*
LISTEN     0      128          *:9083                     *:*
LISTEN     0      128          *:443                      *:*
LISTEN     0      128        ::1:3006                    :::*                   users:(("ssh",pid=7608,fd=4))
LISTEN     0      128         :::80                      :::*
LISTEN     0      5           :::54321                   :::*
LISTEN     0      128         :::22                      :::*

Certbot is listening on that port:

ubuntu@jump-box:~$ sudo lsof -i :54321
COMMAND  PID USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
certbot 3077 root    8u  IPv6 301513579      0t0  TCP *:54321 (LISTEN)
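
As an added example (not code from the original post or from the DigitalOcean tutorial it follows), the script below wraps the renewal flow that the HAProxy setup above relies on: certbot's standalone plugin is told to bind a loopback port with `--http-01-port`, HAProxy forwards `/.well-known/acme-challenge/` to that port, and after a successful renewal the full chain and private key are concatenated into the single PEM file that HAProxy's `bind ... ssl crt` expects, followed by a reload. Because standalone certbot must bind the port itself, the wrapper first checks whether anything is already listening there and refuses to run if so, printing the owning process so a stale or overlapping certbot run can be spotted. The port 54321 and the `/etc/haproxy/certs` layout come from the post; the script path, the use of `--deploy-hook`, naming the bundle after the certbot lineage directory, and the `ss` column parsing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: certbot standalone renewal behind HAProxy, plus PEM bundling
# and reload. Port and cert directory follow the original post; everything
# else (paths, hook mechanism, lineage-based file naming) is an assumption.
set -eu

ACME_PORT="${ACME_PORT:-54321}"
HAPROXY_CERT_DIR="${HAPROXY_CERT_DIR:-/etc/haproxy/certs}"

# Read an `ss -ltn` listing from stdin and succeed (exit 0) if any LISTEN
# socket's local address ends in ":<port>" ($1). Covers 127.0.0.1:P, *:P,
# ::1:P and :::P. Parsing text instead of calling ss keeps this testable.
listener_on_port() {
    awk -v p=":$1" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Standalone certbot has to bind the ACME port itself, so bail out early and
# show who holds it (typically an earlier certbot that never exited).
check_acme_port_free() {
    if ss -ltn | listener_on_port "$ACME_PORT"; then
        echo "port $ACME_PORT already has a listener; not starting renewal:" >&2
        ss -ltnp "sport = :$ACME_PORT" >&2 || true
        return 1
    fi
}

# HAProxy reads one file containing the full chain followed by the private
# key. $1 = fullchain.pem, $2 = privkey.pem, $3 = destination bundle.
# Writes to a 0600 temp file in the same directory, then renames atomically,
# so HAProxy never sees a half-written bundle and the key is never world-readable.
build_haproxy_pem() {
    fullchain="$1"; privkey="$2"; dest="$3"
    tmp="$(mktemp "${dest}.XXXXXX")"   # mktemp creates the file mode 0600
    cat "$fullchain" "$privkey" > "$tmp"
    mv -f "$tmp" "$dest"
    echo "$dest"
}

# Invoked by certbot via --deploy-hook once per renewed lineage. certbot sets
# RENEWED_LINEAGE to the live directory of that lineage, e.g.
# /etc/letsencrypt/live/api.example.com; the bundle is named after it.
deploy_hook() {
    lineage="${RENEWED_LINEAGE:?deploy_hook must be run by certbot}"
    name="$(basename "$lineage")"
    build_haproxy_pem "$lineage/fullchain.pem" "$lineage/privkey.pem" \
        "$HAPROXY_CERT_DIR/$name.pem" >/dev/null
    # Reload keeps existing connections open while new listeners pick up the cert.
    systemctl reload haproxy 2>/dev/null || service haproxy reload
}

renew() {
    check_acme_port_free
    certbot renew --non-interactive \
        --preferred-challenges http-01 --http-01-port "$ACME_PORT" \
        --deploy-hook "$0 deploy"
}

case "${1:-}" in
    renew)  renew ;;
    deploy) deploy_hook ;;
esac
```

Run as `haproxy-renew.sh renew` from cron (assumed script name); certbot calls the same script back with `deploy` for each lineage it actually renewed. Against the `ss` output in the post, the pre-check would fail because of the `:::54321` listener, which is the condition the renewal error describes.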
