%20%E5%88%B0%20https(443)%20ssl%20%E9%87%8D%E5%AE%9A%E5%90%91%E5%9C%A8%20haproxy%20%E4%B8%AD%E4%B8%8D%E8%B5%B7%E4%BD%9C%E7%94%A8%EF%BC%9F.png)
我在 stackoverflow 上发过类似的问题。但由于这个网站更适合这个问题,所以我在这里重新发布。我试图将端口 80 上的所有请求重定向到端口 443,即使用 haproxy 将 http 重定向到 https (ssl)。我已经通过参考此链接创建了 pem 认证文件http://fosshelp.blogspot.com/2016/11/how-to-create-pem-file-for-haproxy.html。我已确保将 PRIVATE KEY 和 CRT(自签名证书)附加到 mydomain.pem。
我的域名.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAoYIHQUmzceqx7dJfMbEp67v8J9C9BgXChoT5yR6zh8cVkQNT
hkG7x0S2W1kEtARsin6q5nl23k7MuK4GURHGz1H6lm2p/bO6hepyrvWDYhNXhUFy
QJ2I2qlCfP+0Szbf1CZ74dOFod6LWggIgKbliSc++0y4RWfxPO/WJHiR5d7khZjL
yYfKXgcV72yCUQJB/axNqUzgq+VA+NjXG4o192J6wHWVbDtSnC05OfVncxD27f+Q
Nbb00pBiMssET3ZBXwHu6mApf4OtfmQlxHKiKGVscnP9M1mc6eJLBVhuXEyLijfS
dWP2M9XZ2NNYrKDr1GMZcnTYVixhJrroPS1o3QIDAQABAoIBAArUFvxvnpJis+9I
DY3dXPwrLGrW+fVvaW1vePfdERhnZrDEUlNMEPT5TGivfTs8mLJob7joJ+obymoP
cOj6kiPQUUbIr38ND9Jut6W3XEm1Fkce7jQa29QdSRHsawAn+7XTprarYehKbXlp
1HgbuIQLl5Ntv2UX5Pq68dacJtwMjG1/2CffgOYqrbC3XxXxmLbT/iW2mTP/dhQo
SBVc6YGtY4jxz05D20gNhrwE1fz0rUion9SXNbBo+6i/NvuLjGNKqEBwMu9Mu5Ea
+0WoK0M/xhecLNTN/PEIGcs3ZfKfjGyQRHW/wJOwDjIK8clC36XyoNE5kfy5cW0C
Nr8LOtkCgYEAzJTEAZDf6m1Z4mO2vtQXJFVcrRsifG6bUiJCJp2uP9nCNNalet1V
/bzXNwE/8Ww4+fZQbuZOrAgurjyt0MNXdohD32/HWjr357rGa8o6f4kNjLrUwKqW
9CfMF0W48z6acQBtPrpRzoqnwRniRQtEzoAQ8AwjeKp8NeNRbznGQj8CgYEAyhnU
z11hVWoASk2KqW1DwExVZX7bkaYA/EKzVwXmR/8pWXg92ndoNnceJgU7HKqE5MUA
jQXSL+B7VXozH5Pld5fCZf3GaA7ZNaKbuT236Cl6hPtsLIN4GX4X5uIpJInbpCUT
WBH7/yTGDIFZ9PkQFsGaXHHykf3A0q4NFamuleMCgYEAh/Y6iZvh5GfGO9nvIsXL
l38Pt4/4DGBp410XP5i9rHupQPqCQbSFqLtvAIRZHbbB6wXTENEI6fYKKAv1rG+W
WhVXnlAoWgQkq6IKqqpc1FOeaK/mIyF8b0lfrvvMXgR2GbGh6PVk1vJ5aLEuGprR
oLemChLXJCORpzKq9VOdOnsCgYEArI1fgGkXGIk3lDkeYcfzp7TE2LJ2H6Xfg4Ij
gvJ7ig8Wq9gY33VB2fbcG9Qtgy0n5/c3oDBPJCeCxhlemuB4dCJzjQcepmu/Eqcy
U/eZFLSNcgsEcgERwppBKBUC0bqOeFhbar94K4CnQ7gRKTKZhQRpmfKEDBfe0UJf
05YbhMcCgYEAtmTSJPK13YnqgMt3iknpF9oCd0sn4fMppjyTkQTFyOEbTP81nMTl
GtPdibPztCp+eNO9PBnq3WaUhtBpB8VSau8EA63KsfSYFWYtjoypjb7R59Y8aFNM
cZY29E9rMTCbvHFefCbccINLc87TAMkePxfzGTqrAgLGH7fqjQawVrY=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDETCCAfkCFEhN+hY3QAT6HESzvbYPS9X7CAf0MA0GCSqGSIb3DQEBCwUAMEUx
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTkwOTE5MTExNTIwWhcNMjAwOTE4MTEx
NTIwWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAoYIHQUmzceqx7dJfMbEp67v8J9C9BgXChoT5yR6zh8cVkQNT
hkG7x0S2W1kEtARsin6q5nl23k7MuK4GURHGz1H6lm2p/bO6hepyrvWDYhNXhUFy
QJ2I2qlCfP+0Szbf1CZ74dOFod6LWggIgKbliSc++0y4RWfxPO/WJHiR5d7khZjL
yYfKXgcV72yCUQJB/axNqUzgq+VA+NjXG4o192J6wHWVbDtSnC05OfVncxD27f+Q
Nbb00pBiMssET3ZBXwHu6mApf4OtfmQlxHKiKGVscnP9M1mc6eJLBVhuXEyLijfS
dWP2M9XZ2NNYrKDr1GMZcnTYVixhJrroPS1o3QIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQAiVhxY9hBSIk3J8vppghyRBdjEEbxaefrmyXNkffP5rw9mVFWdDQAaXbyf
2sfP+XnXQtPUK5CqlifmQeO7Wf7I0Kfdn6KGYdBNHTj9fRRT28hJoloah5qlhv0r
ZNilT5xHS5F4E4IFkmctPKdGiSA5Ex0jaOYCV5sCFgNcR2xKTzgkD/6aWi8ObkxL
2xhtcvs67n2YqHFWcexPm8kFP/6MOG/6618Drdl6qZM93NPZ/1srQsLL5Jg769wx
+WKry946qYNaB7fk3SOfh5RMVnqbpXfVarjThd2aqicOTyL3VF4znRFeptFuC/gP
gZMEFH7XvQEsR0jMIKDzwS3F+/mj
-----END CERTIFICATE-----
haproxy配置文件
frontend http-in
mode http
bind *:80
bind *:443 ssl crt /etc/ssl/private/mydomain.pem
http-request redirect scheme https code 301 if !{ ssl_fc }
acl path-employeeList path_beg -i /employeeList
use_backend employeeList-backend if path-employeeList
backend employeeList-backend
mode http
option httplog
option forwardfor
http-request set-path /
server appserver1 134.209.18.237:5000
目前我可以通过以下方式访问我的应用程序http://134.209.18.237/.但当我打https://134.209.18.237/我收到 503 服务不可用,没有可用的服务器来处理此请求。为什么重定向到 https 不起作用?请帮忙
我的 pem 证书文件或 haproxy.cfg 有问题吗?证书文件是否无效?
答案1
您没有后端/,/employeeList所以实际上没有人可以处理您的请求。503 似乎是正确的。