I am trying to securely connect two servers using HAProxy (using a reverse connection). I am using the following configuration for the proxy:
onprem_1 | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: RESPONSE: 503 Service Unavailable HTTP/1.0 HEADERS: {Cache-Control=[no-cache], Connection=[close], Content-Type=[text/html]} CONTENT: HeapBuffer[pos=0 lim=0 cap=0: empty] [...] [...]
onprem_1 | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: CONTENT: HeapBuffer[pos=105 lim=212 cap=272: 3C 68 74 6D 6C 3E 3C 62 6F 64 79 3E 3C 68 31 3E...] [...]
onprem_1 | TRACE [tcp#7 172.32.0.4:39376] RECEIVED: SESSION_UNSECURED
The server receiving traffic from the backend outputs the following:
{{1}}
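The connection to the second server is closed. I believe it has something to do with the ssl part of the HAProxy configuration. Any ideas?
Answer 0 (score: 0)
I managed to connect the two servers using SSL passthrough. The whole setup runs in Docker containers. First, I changed the hostname used when generating the certificates (using the haproxy hostname). Then I slightly modified haproxy.cfg to reflect the changes in docker-compose.yml.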
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    uid 99
    gid 99
    daemon
    debug

defaults
    log global
    log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    option http-server-close
    maxconn 250
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# SSL/TLS Passthrough
# mode tcp relays the TLS bytes unchanged; HAProxy holds no certificate here
frontend front_forward
    mode tcp
    bind haproxy:8080
    use_backend back_forward

backend back_forward
    server onpremsrv cloud:8881
    mode tcp
    timeout server 30s

frontend front_reverse
    mode tcp
    bind haproxy:8081
    use_backend back_reverse

backend back_reverse
    server onpremsrv cloud:8882
    mode tcp
    timeout server 30s
# SSL/TLS Passthrough

# Statistics page, served over plain HTTP
listen stats
    bind haproxy:9000
    mode http
    stats enable
    stats uri /
    stats hide-version
    # admin:admin is a test credential; change it outside a throwaway setup
    stats auth admin:admin
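To check which proxies in a config like the one above really pass TLS through untouched, the following added example (not part of the original answer) resolves each proxy's effective `mode` and options from `defaults` and classifies how it handles TLS. The function names, the result labels, and the sample config (including the hypothetical `front_terminate` frontend) are assumptions made for illustration.

```python
SECTION_KINDS = {"global", "defaults", "frontend", "backend", "listen"}
HTTP_ONLY_OPTIONS = {"httplog", "http-server-close"}  # warned about and ignored/downgraded in mode tcp

# Constructed sample, modelled on the haproxy.cfg above; front_terminate is hypothetical.
SAMPLE_CFG = """
defaults
    mode http
    option httplog
    option http-server-close
frontend front_forward
    mode tcp
    bind haproxy:8080
backend back_forward
    mode tcp
    server onpremsrv cloud:8881
frontend front_terminate
    bind haproxy:8443 ssl crt /etc/haproxy/site.pem
listen stats
    bind haproxy:9000
"""

def parse_sections(cfg):
    """Split haproxy.cfg text into (kind, name, directive-token-lists) entries."""
    sections = []
    for tokens in (raw.split() for raw in cfg.splitlines()):
        if tokens and tokens[0] in SECTION_KINDS:
            sections.append((tokens[0], " ".join(tokens[1:]), []))
        elif tokens and sections and not tokens[0].startswith("#"):
            sections[-1][2].append(tokens)
    return sections

def audit(cfg):
    """Map each proxy name to (tls_handling, warnings), applying inherited defaults."""
    inherited = ("tcp", set())  # HAProxy's built-in mode is tcp when none is set
    report = {}
    for kind, name, lines in parse_sections(cfg):
        mode = next((t[1] for t in lines if t[0] == "mode" and len(t) > 1), None)
        options = {t[1] for t in lines if t[0] == "option" and len(t) > 1}
        if kind in ("global", "defaults"):
            inherited = (mode or "tcp", options) if kind == "defaults" else inherited
            continue
        mode, options = mode or inherited[0], options | inherited[1]
        # An "ssl" keyword after the address means HAProxy itself speaks TLS there.
        tls_here = any(t[0] in ("bind", "server") and "ssl" in t[2:] for t in lines)
        handling = "tls-at-haproxy" if tls_here else ("tcp-passthrough" if mode == "tcp" else "http-no-tls")
        report[name] = (handling, sorted(f"option {o} needs mode http"
                                         for o in options & HTTP_ONLY_OPTIONS if mode == "tcp"))
    return report
```

A proxy reported as `http-no-tls` expects cleartext HTTP, so a TLS client pointed at it fails before any request reaches the backend.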