Haproxy虚拟主机SSL

Haproxy为多个域名配置SSL

生成自签名证书

sudo mkdir /etc/ssl/atbug.com
sudo openssl genrsa -out /etc/ssl/atbug.com/atbug.com.key 1024
sudo openssl req -new -key /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.csr
sudo openssl x509 -req -days 365 -in /etc/ssl/atbug.com/atbug.com.csr -singkey /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.crt
sudo openssl x509 -req -days 365 -in /etc/ssl/atbug.com/atbug.com.csr -signkey /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.crt
sudo cat /etc/ssl/atbug.com/atbug.com.crt /etc/ssl/atbug.com/atbug.com.key | sudo tee /etc/ssl/atbug.com/atbug.com.pem

Haproxy配置

frontend https
        bind *:443 ssl crt /etc/ssl/atbug.com/atbug.com.pem
        option tcplog
        mode http
        #option forwardfor

###atbug-https
        acl atbug-https hdr_beg(host) -i test.atbug.com
        use_backend rome-atbug-https-backend if atbug-https

backend rome-atbug-https-backend
        balance roundrobin
        mode http
        option ssl-hello-chk
        server node-1 ip:port cookie dw2-vm-test-apps003 check inter 2000 rise 3 fall 3 weight 50

comments powered by Disqus