我正在尝试为多个主机设置一个用于SSL卸载的haproxy。 这工作完美的configuration:
# Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 15000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #tune.ssl.default-dh-param 2048 #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 11000 #--------------------------------------------------------------------- # main frontends which proxys to the backends #--------------------------------------------------------------------- frontend www-https *:443 bind *:443 ssl crt /etc/ssl/private/starmyhostname.pem no-sslv3 #Define hosts & ACL's acl host_BEADHOSTWWW01 hdr(host) -i wwwtest.myhostname.eu acl host_BEADHOSTKB01 hdr(host) -i kb.myhostname.eu #Define which backend to use for each host use_backend BEADHOSTWWW01 if host_BEADHOSTWWW01 use_backend BEADHOSTKB01 if host_BEADHOSTKB01 #--------------------------------------------------------------------- # Backends #--------------------------------------------------------------------- backend BEADHOSTWWW01 option httpclose cookie JSESSIONID prefix mode http server WWW01 172.26.75.10:80 cookie A check backend BEADHOSTKB01 option httpclose cookie JSESSIONID prefix mode http server KB01 172.26.75.2:80 cookie A check 但是,在某些情况下(可以说20个中有1个),我收到一个ERR_SSL_PROTOCOL_ERROR(chrome)或者ssl_error_rx_record_too_long(firefox)。 击中F5立即解决问题。
任何人都知道这可能是什么原因,以及如何解决这个问题? 谢谢!
我解决了它:)
变
frontend www-https *:443
至
frontend www-https