0
我试图使用HAProxy安全地连接两个服务器(使用反向连接)。我使用以下配置为代理:使用HAProxy的服务器之间的反向连接
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
uid 99
gid 99
daemon
debug
defaults
log global
log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}
mode http
option httplog
option dontlognull
retries 3
option redispatch
option http-server-close
maxconn 250
timeout connect 5000
timeout client 50000
timeout server 50000
frontend front_reverse
mode http
bind haproxy:8081 ssl crt /x509/certs/example.com.pem
use_backend back_reverse
backend back_reverse
mode http
option ssl-hello-chk
server onpremsrv example.com:8882 check
http-request set-header X-Real-IP %[src]
option forwardfor
listen stats
bind haproxy:9000
mode http
stats enable
stats uri/
stats hide-version
stats auth admin:admin
接收来自后端业务服务器输出如下:
onprem_1 | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: RESPONSE: 503 Service Unavailable HTTP/1.0 HEADERS: {Cache-Control=[no-cache], Connection=[close], Content-Type=[text/html]} CONTENT: HeapBuffer[pos=0 lim=0 cap=0: empty] [...] [...]
onprem_1 | TRACE [ssl#8 172.32.0.4:39376] RECEIVED: CONTENT: HeapBuffer[pos=105 lim=212 cap=272: 3C 68 74 6D 6C 3E 3C 62 6F 64 79 3E 3C 68 31 3E...] [...]
onprem_1 | TRACE [tcp#7 172.32.0.4:39376] RECEIVED: SESSION_UNSECURED
到第二服务器的连接被关闭。我相信它与HAProxy配置的ssl部分有关。有任何想法吗?