[我错误地在 stackoverflow 上发布了这个问题]
在我的 debian buster 服务器上,我有一个完美运行的 haproxy (v1.8),我用它来管理我的网站的证书。
haproxy 监听 443 端口,并将请求传递给 varnish+apache 系统。
升级到 debian bullseye 时,haproxy(v2.2)服务不再启动,日志显示:
haproxy[46308]: [ALERT] 048/004148 (46308) : parsing [/etc/haproxy/haproxy.cfg:46] : The 'reqadd' directive is not supported anymore since HAProxy 2.1. Use 'http-r
equest add-header' instead.
导致此行为的 haproxy.cfg 行是
frontend https
# Bind 443 with the generated letsencrypt cert.
bind *:443 ssl crt /etc/letsencrypt/live/qumran2/haproxy.pem
# set x-forward to https
reqadd X-Forwarded-Proto:\ https <-----------|
# set X-SSL in case of ssl_fc <- explained below
http-request set-header X-SSL %[ssl_fc]
# Select a Challenge
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# Use the challenge backend if the challenge is set
default_backend www-backend
我明白我必须改变路线reqadd X-Forwarded-Proto:\ https,但该怎么做呢?
这文档说:
http-request add-header <name> <fmt> [ { if | unless } <condition> ]
This appends an HTTP header field whose name is specified in <name> and
whose value is defined by <fmt> which follows the log-format rules (see
Custom Log Format in section 8.2.4). This is particularly useful to pass
connection-specific information to the server (e.g. the client's SSL
certificate), or to combine several headers into one. This rule is not
final, so it is possible to add other similar rules. Note that header
addition is performed immediately, so one rule might reuse the resulting
header from a previous rule.
我不明白我应该怎样写出等效的http-request add-header......
答案1
我认为你可以使用:
http-request set-header X-Forwarded-Proto https
正如这里所讨论的:
https://stackoverflow.com/questions/51928504/x-forwarded-proto-https-in-frontend-or-backend-haproxy