我在使用 HAProxy 时遇到一个问题,尽管它们有不同的子域,但它会转到同一个网站。
例如,我转到 foo.domain.com,然后在另一个选项卡上转到 bar.domain.com,再在另一个选项卡上转到 baz.domain.com,这三个选项卡都会加载 foo.domain.com 网站,而当我硬刷新其他网站时,它会正确转到正确的网站,然后这种情况会再次发生,使新网站成为所有域的面孔,除非我继续刷新网站。
我有以下配置:
defaults
log global
mode http
option tcplog
option dontlognull
retries 3
option redispatch
maxconn 30000
timeout connect 10s
timeout client 60s
timeout server 60s
frontend http_in
mode http
option httplog
bind *:80
option forwardfor
acl host_foo hdr(host) -i foo.domain.com
acl host_bar hdr(host) -i bar.domain.com
acl host_baz hdr(host) -i baz.domain.com
use_backend http_foo if host_foo
use_backend http_bar if host_bar
use_backend http_baz if host_baz
backend http_foo
mode http
option httplog
option forwardfor
server foo foo:80
backend http_bar
mode http
option httplog
option forwardfor
server bar bar:80
backend http_baz
mode http
option httplog
option forwardfor
server baz baz:80
frontend https_in
mode tcp
option tcplog
bind *:443
acl tls req.ssl_hello_type 1
tcp-request inspect-delay 5s
tcp-request content accept if tls
acl host_foo req.ssl_sni -i foo.domain.com
acl host_bar req.ssl_sni -i bar.domain.com
acl host_baz req.ssl_sni -i baz.domain.com
use_backend https_foo if host_foo
use_backend https_bar if host_bar
use_backend https_baz if host_baz
backend https_foo
mode tcp
option tcplog
option ssl-hello-chk
server foo foo:443
backend https_bar
mode tcp
option tcplog
option ssl-hello-chk
server bar bar:443
backend https_baz
mode tcp
option tcplog
option ssl-hello-chk
server baz baz:443
我正在使用 HAProxy 版本 2.4.12。有什么办法可以防止这种情况发生吗?
答案1
您需要传递主机标头,类似于 HTTP 模式中的主机标头:
backend https_baz
mode http
option ssl-hello-chk
reqirep ^Host: Host:\ baz.domain.com
server baz baz:443