Haproxy虚拟主机SSL

Haproxy为多个域名配置SSL

生成自签名证书

1
2
3
4
5
6
sudo mkdir /etc/ssl/atbug.com
sudo openssl genrsa -out /etc/ssl/atbug.com/atbug.com.key 1024
sudo openssl req -new -key /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.csr
sudo openssl x509 -req -days 365 -in /etc/ssl/atbug.com/atbug.com.csr -singkey /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.crt
sudo openssl x509 -req -days 365 -in /etc/ssl/atbug.com/atbug.com.csr -signkey /etc/ssl/atbug.com/atbug.com.key -out /etc/ssl/atbug.com/atbug.com.crt
sudo cat /etc/ssl/atbug.com/atbug.com.crt /etc/ssl/atbug.com/atbug.com.key | sudo tee /etc/ssl/atbug.com/atbug.com.pem

Haproxy配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
frontend https
        bind *:443 ssl crt /etc/ssl/atbug.com/atbug.com.pem
        option tcplog
        mode http
        #option forwardfor

###atbug-https
        acl atbug-https hdr_beg(host) -i test.atbug.com
        use_backend rome-atbug-https-backend if atbug-https

backend rome-atbug-https-backend
        balance roundrobin
        mode http
        option ssl-hello-chk
        server node-1 ip:port cookie dw2-vm-test-apps003 check inter 2000 rise 3 fall 3 weight 50

Comments

comments powered by Disqus