当路径请求不同时,如何将前端链接到后端?

时间:2019-01-28 18:25:59

标签: haproxy

我为Haproxy设置了https offloadin,并且我试图将指向前端的请求正确指向其相应的后端,但是遇到了一些障碍。

我在http://:9000 / abc上有一个后端服务器(不是在Web服务器的根目录中),当我用https:/// abc设置一个前端时,指针将按预期工作,并看到登录页面。

但是我还有另一个后端服务器,它位于http://:8888(在Web服务器的根目录中,它使它自己重定向到http://:8888 / def),并且我希望它可以被https:/// def。但是在这种情况下,指向不起作用。

如何使https:/// def指向http://:8888?这是我的.cfg

使用HAproxy 1.7

# Automaticaly generated, dont edit manually.
# Generated on: 2019-01-28 13:59
global
    maxconn         1000
    stats socket /tmp/haproxy.socket level admin 
    uid         80
    gid         80
    nbproc          1
    hard-stop-after     15m
    chroot              /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param   2048
    server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats refresh 10
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

frontend shared-frontend-merged
    bind            200.129.168.14:443 name 200.129.168.14:443  no-sslv3 ssl crt-list /var/etc/haproxy/shared-frontend.crt_list  
    mode            http
    log         global
    option          http-keep-alive
    option          forwardfor
    acl https ssl_fc
    http-request set-header     X-Forwarded-Proto http if !https
    http-request set-header     X-Forwarded-Proto https if https
    timeout client      30000
    acl         aclcrt_shared-frontend  var(txn.txnhost) -m reg -i ^ifamcmc\.ddns\.net(:([0-9]){1,5})?$
    acl         ACL1    var(txn.txnpath) -m sub -i abc
    acl         ACL2    var(txn.txnpath) -m sub -i def
    http-request set-var(txn.txnhost) hdr(host)
    http-request set-var(txn.txnpath) path
    use_backend glpi_ipvANY  if  ACL1 
    use_backend ciweb_ipvANY  if  ACL2

frontend http-to-https
    bind            200.129.168.14:80 name 200.129.168.14:80   
    mode            http
    log         global
    option          http-keep-alive
    timeout client      30000
    http-request redirect scheme https 

backend abc_ipvANY
    mode            http
    id          102
    log         global
    timeout connect     30000
    timeout server      30000
    retries         3
    option          httpchk OPTIONS / 
    server          abc 10.100.0.30:9000 id 103 check inter 1000  

backend def_ipvANY
    mode            http
    id          104
    log         global
    timeout connect     30000
    timeout server      30000
    retries         3
    option          httpchk OPTIONS / 
    server          def 10.100.0.40:8888 id 105 check inter 1000

我希望对https:/// def的访问正确指向http://:8888上的后端

https://<my.address.com>/abc ------>  http://<internal_ip>:9000/abc (OK)
https://<my.address.com>/def ------>  http://<internal_ip_2>:8888 (NOT OK)

1 个答案:

答案 0 :(得分:0)

让HAProxy系统首先根据端口进行转发,然后根据目录中的通配符进行转发。

请参见以下内容:

frontend a-frontend-conf

    # Declare an ACL using path_beg (Path Begins)
    acl path_images path_beg /images

    # Use backend server1 if acl condition path_images is fulfilled
    use_backend server1 if path_images

backend server1
    [...]

来源:https://serverfault.com/questions/659793/haproxy-how-to-balance-traffic-within-directory-reached