
我试图使用 HAProxy 安全地连接两台服务器（使用反向连接）。我为代理使用了以下配置。（原标题：使用 HAProxy 的服务器之间的反向连接）

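global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    uid 99
    gid 99
    # 'debug' (same as '-d') dumps every exchange to stdout and keeps the process in
    # the foreground, so a 'daemon' directive is silently overridden by it. Foreground
    # is what a container needs anyway; keep the config honest about that and remove
    # 'debug' once troubleshooting is done.
    #daemon
    debug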

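defaults
    log global
    mode http
    option dontlognull
    option redispatch
    option http-server-close
    retries 3
    maxconn 250
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Custom JSON access log. 'option httplog' was dropped: when it is parsed after
    # a 'log-format' it replaces the custom format (HAProxy warns about the
    # override), which would have discarded this line.
    log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}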

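frontend front_reverse
    mode http
    # TLS is terminated here. The certificate must match the name peers connect to:
    # this bind uses host 'haproxy' while the file is named for example.com, and a
    # name mismatch makes strict clients abort the handshake. SSLv3/TLS1.0 are refused.
    bind haproxy:8081 ssl crt /x509/certs/example.com.pem no-sslv3 no-tlsv10
    # An unconditional 'use_backend' is spelled 'default_backend'.
    default_backend back_reverse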

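backend back_reverse
    mode http
    option forwardfor
    http-request set-header X-Real-IP %[src]
    # The 503 in the trace carries HAProxy's own error-page headers, which points to
    # this backend having no usable server. 'option ssl-hello-chk' sends an SSLv3
    # ClientHello that current TLS stacks reject, so the check fails and onpremsrv
    # is marked DOWN. Use a real TLS health check instead and, since the on-prem side
    # speaks TLS, re-encrypt towards it and verify its certificate against the CA.
    # NOTE(review): assumes :8882 terminates TLS itself (the original check implies
    # it) — confirm; the CA bundle path below is a placeholder to fill in.
    server onpremsrv example.com:8882 ssl verify required ca-file /x509/certs/REPLACE-WITH-CA-BUNDLE.pem check check-ssl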

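listen stats
    # Management UI: keep it off public interfaces and put it behind TLS (same
    # 'ssl crt' form as the reverse frontend) before exposing it beyond the docker
    # network; credentials travel in cleartext on this bind as written.
    bind haproxy:9000
    mode http
    stats enable
    # 'stats uri/' is not a valid keyword; the path is a separate argument.
    stats uri /
    stats hide-version
    # Never keep the well-known admin:admin pair; set a real password.
    stats auth admin:REPLACE-WITH-STRONG-PASSWORD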

后端业务服务器收到的输出如下:

onprem_1  | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: RESPONSE: 503 Service Unavailable HTTP/1.0 HEADERS: {Cache-Control=[no-cache], Connection=[close], Content-Type=[text/html]} CONTENT: HeapBuffer[pos=0 lim=0 cap=0: empty] [...] [...] 
onprem_1  | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: CONTENT: HeapBuffer[pos=105 lim=212 cap=272: 3C 68 74 6D 6C 3E 3C 62 6F 64 79 3E 3C 68 31 3E...] [...] 
onprem_1  | TRACE [tcp#7 172.32.0.4:39376] RECEIVED: SESSION_UNSECURED 

到第二台服务器的连接被关闭。我认为这与 HAProxy 配置中的 ssl 部分有关。有什么想法吗?

回答


我设法使用 SSL passthrough 连接了两台服务器。整个设置运行在 Docker 容器中。首先,我更改了生成证书时使用的主机名(改用 haproxy 主机名);然后,我稍微修改了 haproxy.cfg 以反映 docker-compose.yml 中的更改。

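global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    uid 99
    gid 99
    # 'debug' (same as '-d') dumps every exchange to stdout and keeps the process in
    # the foreground, so a 'daemon' directive is silently overridden by it. Foreground
    # is what a container needs anyway; keep the config honest about that and remove
    # 'debug' once troubleshooting is done.
    #daemon
    debug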

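defaults
    log global
    # No 'mode' here: every section below sets its own (tcp for the passthrough
    # pairs, http for the stats listener), and the http-only 'option httplog' /
    # 'option http-server-close' are ignored with a warning in tcp sections.
    option dontlognull
    option redispatch
    retries 3
    maxconn 250
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Custom JSON access log, kept last so no 'option httplog/tcplog' parsed after it
    # can replace it (HAProxy warns about that override).
    # NOTE(review): HTTP-only fields (%ST, %r, %Tr ...) cannot be filled for the tcp
    # sections — confirm the log consumer tolerates their placeholder values.
    log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}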


# SSL/TLS Passthrough 

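frontend front_forward
    mode tcp
    # Plain TCP listener: the TLS handshake is carried through to the backend
    # untouched, so HAProxy neither terminates nor authenticates it; both endpoints
    # must verify each other's certificates themselves.
    bind haproxy:8080
    # An unconditional 'use_backend' is spelled 'default_backend'.
    default_backend back_forward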

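backend back_forward
    mode tcp
    timeout server 30s
    # 'check' adds a TCP connect health check so an unreachable peer shows as DOWN
    # on the stats page instead of surfacing only as client-side resets.
    server onpremsrv cloud:8881 check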

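frontend front_reverse
    mode tcp
    # Plain TCP listener: the TLS handshake is carried through to the backend
    # untouched, so HAProxy neither terminates nor authenticates it; both endpoints
    # must verify each other's certificates themselves.
    bind haproxy:8081
    # An unconditional 'use_backend' is spelled 'default_backend'.
    default_backend back_reverse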

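backend back_reverse
    mode tcp
    timeout server 30s
    # 'check' adds a TCP connect health check so an unreachable peer shows as DOWN
    # on the stats page instead of surfacing only as client-side resets.
    server onpremsrv cloud:8882 check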

# End of SSL/TLS passthrough sections

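listen stats
    # Management UI: keep it off public interfaces and put it behind TLS ('ssl crt'
    # on this bind) before exposing it beyond the docker network; credentials travel
    # in cleartext on this bind as written.
    bind haproxy:9000
    mode http
    stats enable
    # 'stats uri/' is not a valid keyword; the path is a separate argument.
    stats uri /
    stats hide-version
    # Never keep the well-known admin:admin pair; set a real password.
    stats auth admin:REPLACE-WITH-STRONG-PASSWORD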