Manuelle HAProxy Konfiguration: Unterschied zwischen den Versionen

 
(14 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
=Domaine=
+
*[[HAProxy mit Wildcard Zertifikaten und 2 Servern]]
*Letscrypt Wildcard Zertifikate ist vorhanden
+
*[[HAProxy Round Robin mit Selbstsignierten Zertifikat]]
*schmeich.de
 
 
 
 
 
=HTTPS Proxy mit mehreren Webservern=
 
<pre>
 
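global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        # "level admin" on this socket allows runtime changes (e.g. disabling
        # servers); keep mode 660 so only the haproxy user/group can reach it.
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        # (the cipher list below is one line; the page rendering had split
        #  "...AES256-GCM-SHA384" in the middle, which would break the config)
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log    global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

# Frontend: Public-Service ()
frontend Public-Service
    # TLS terminates here. schmeich.pem must hold certificate, chain and
    # private key (see "pem layout" below) and should be readable only by root.
    bind 194.59.156.165:443 name 194.59.156.165:443 ssl  crt /etc/haproxy/ssl/schmeich.pem
    mode http
    option http-keep-alive
    # Adds X-Forwarded-For with the client address; the backends should
    # trust that header only when the request comes from this proxy.
    option forwardfor
    timeout client 30s
    # Routing by Host-header prefix. No default_backend is set, so a request
    # that matches neither ACL is not forwarded and ends in an error response.
    acl acl_hertha hdr_beg(host)  -i hertha
    acl acl_maria hdr_beg(host)  -i maria
    use_backend hertha_backend if acl_hertha
    use_backend maria_backend  if acl_maria

frontend Public-Service-Http
    # Plain-HTTP listener. Neither a redirect to HTTPS nor a use_backend for
    # it is shown on this page; the Mozilla profile referenced above redirects
    # with "http-request redirect scheme https unless { ssl_fc }".
    bind 194.59.156.165:80 name 194.59.156.165:80
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 30s

# [PLACEHOLDER: lines are missing on the wiki page at this point. The section
#  header for the following directives is not shown; given "server hertha" and
#  "use_backend hertha_backend" above it is presumably "backend hertha_backend"
#  with settings mirroring maria_backend below — confirm against the live config.]
    timeout server 30s
    http-reuse safe
    # The commented variant would speak TLS to the backend but with
    # "verify none", i.e. without checking the backend's certificate.
    #server hertha 10.82.228.11:443 ssl verify none
    # The proxy-to-backend hop is plain HTTP on the internal network.
    server hertha 10.82.228.11:80


backend maria_backend
    mode http
    # Session persistence by client source IP; clients behind the same NAT
    # share one backend server.
    balance source
    stick-table type ip size 50k expire 30m
    stick on src
    timeout connect 30s
    http-reuse safe
    # Same note as for hertha: "verify none" would skip certificate checks.
    #server maria 10.82.228.12:443 ssl verify none
    server maria 10.82.228.12:80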
 
</pre>
 
 
 
=pem layout=
 
*cat certificate.crt intermediates.pem private.key > ssl-certs.pem

bind *:443 ssl crt /path/to/cert/ssl-certs.pem

Die zusammengefügte Datei enthält den privaten Schlüssel und sollte daher root gehören und nur für root lesbar sein (z. B. chmod 600).
 
 
 
=letsencrypt cert=
 
The Let's Encrypt setup works a bit differently; see https://gridscale.io/community/tutorials/haproxy-ssl/
 
 
 
=sources=
 
*https://gridscale.io/community/tutorials/haproxy-ssl/
 
*https://www.meshcloud.io/en/2017/04/18/pem-file-layout-for-haproxy/
 

Aktuelle Version vom 26. September 2022, 19:52 Uhr