2017-10-10 115 views
0

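HAProxy stuck on SSL websocket (Parse LiveQuery)

My use case is using HAProxy as SSL termination for Parse Server & Parse LiveQuery. I am stuck on the HAProxy configuration, because it cannot connect the websocket correctly and only works when connecting locally (without SSL termination). Tested on iOS (React Native app).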

This is my HAProxy configuration:

global 
    maxconn  50000 
    log   127.0.0.1 local0 
    user  haproxy 
    chroot  /usr/share/haproxy 
    pidfile  /run/haproxy.pid 
    tune.ssl.default-dh-param 2048 
    ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS 
    ssl-default-bind-options no-sslv3 
    daemon 

defaults 
    log global 
    retries 3 
    mode http 
    stats enable 
    stats uri /stats 
    stats realm Haproxy\ Statistics 
    stats auth xx:xx 
    option forwardfor 
    option http-server-close 
    option httplog 
    option dontlognull 

frontend xxx_web 
    bind *:443 ssl crt /etc/haproxy/certs/xxx.com.pem 
    acl host_api_xxx hdr(host) -i api.xxx.com 
    acl is_websocket hdr(Upgrade) -i websocket 

    reqadd X-Forwarded-Port:\ 443 
    reqadd X-Forwarded-Proto:\ https 
    reqadd X-Forwarded-Scheme:\ https 
    redirect scheme https if !{ ssl_fc } 

    use_backend ws_xxx if is_websocket 
    use_backend api_xxx if host_api_xxx 

backend ws_xxx 
    server ws_xxx 127.0.0.1:7777 check 

backend api_xxx 
    balance roundrobin 
    reqadd X-Forwarded-Port:\ 443 
    reqadd X-Forwarded-Proto:\ https 
    reqadd X-Forwarded-Scheme:\ https 
    server api_xxx 127.0.0.1:7777 check # ssl verify none 

Answer

0

Changing the mode to "mode tcp" should help.
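
What the suggested `mode tcp` setup could look like, as an added example that is not part of the original question or answer. The section names `wss_in` and `ws_parse` and the timeout values are assumptions; the certificate path and the server address are the ones from the question.

```haproxy
# Added example (not the poster's config): TLS is still terminated on the
# bind line, but the decrypted stream is relayed as raw TCP, so HAProxy
# never parses the HTTP Upgrade handshake.

frontend wss_in                      # hypothetical name
    mode tcp
    option tcplog                    # httplog only applies in HTTP mode
    bind *:443 ssl crt /etc/haproxy/certs/xxx.com.pem
    # Long-lived websocket connections need generous idle timeouts;
    # the question's config sets no timeouts at all. Values are assumptions.
    timeout client 1h
    default_backend ws_parse

backend ws_parse                     # hypothetical name
    mode tcp
    timeout connect 5s
    timeout server 1h
    server ws_xxx 127.0.0.1:7777 check

# Lost in TCP mode, compared with the HTTP-mode config in the question:
#   - hdr(host) / hdr(Upgrade) ACLs: there are no parsed headers to match,
#     so all traffic on 443 goes to one backend (both backends in the
#     question already point at 127.0.0.1:7777).
#   - reqadd X-Forwarded-* and option forwardfor: no headers are inserted,
#     so the application only sees HAProxy's address as the peer and its
#     logs no longer carry the real client IP.
#   - redirect scheme https: not available, and not needed on a bind
#     line that only accepts TLS.
```

Because the backend no longer receives `X-Forwarded-For`, any rate limiting or audit logging in the application that keys on client IP has to rely on HAProxy's own TCP log instead.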