配置HAProxy支持https协议

author：JevonWei
版权声明：原创作品

实现http重定向到https

HAProxy

创建CA证书
[root@HAProxy ~]# cd /etc/haproxy/
[root@HAProxy haproxy]# mkdir certs
[root@HAProxy haproxy]# cd /etc/pki/CA
[root@HAProxy CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
[root@HAProxy CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 \自签名证书
[root@HAProxy CA]# touch index.txt
[root@HAProxy CA]# echo 01 > serial

[root@HAProxy CA]# cd /etc/haproxy/certs/
[root@HAProxy certs]# openssl genrsa -out haproxy.key 2048
[root@HAProxy certs]# openssl req -new -key haproxy.key -out haproxy.csr
[root@HAProxy certs]# [root@HAProxy certs]# openssl ca -in haproxy.csr -out haproxy.crt
[root@HAProxy certs]# ls
haproxy.crt  haproxy.csr  haproxy.key
[root@HAProxy certs]# cat haproxy.crt haproxy.key > haproxy.pem
[root@HAProxy certs]# ll
total 12
-rw-r--r--. 1 root root    0 Aug 29 19:36 haproxy.crt
-rw-r--r--. 1 root root 1009 Aug 29 19:35 haproxy.csr
-rw-r--r--. 1 root root 1675 Aug 29 19:34 haproxy.key
-rw-r--r--. 1 root root 1675 Aug 29 19:37 haproxy.pem
[root@HAProxy certs]# chmod 600 haproxy.pem

配置haproxy网页跳转

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend https *:443
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        acl static path_end .jpg .jpeg .png .gif .txt .html
        acl static path_beg /imgs /images /css
        use_backend staticsrvs  if static
        default_backend dynsrvs
    frontend http
        bind *:8080
        redirect scheme https if !{ ssl_fc }
    backend dynsrvs
        balance roundrobin
        server dynsrv1 172.16.253.105:80 check
        server dynsrv2 172.16.253.105:8080 check
    backend staticsrvs
        balance roundrobin
        server staticsrv1 172.16.253.191:80 check
        server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

配置haproxy主页跳转，即访问的http的所有内容都跳转到https的默认主页上

[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
    frontend https *:443
        bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
        acl static path_end .jpg .jpeg .png .gif .txt .html
        acl static path_beg /imgs /images /css
        use_backend staticsrvs  if static
        default_backend dynsrvs
    frontend http
        bind *:8080
        redirect location https://172.16.253.108/ if !{ ssl_fc }
    backend dynsrvs
        balance roundrobin
        server dynsrv1 172.16.253.105:80 check
        server dynsrv2 172.16.253.105:8080 check
    backend staticsrvs
        balance roundrobin
        server staticsrv1 172.16.253.191:80 check
        server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy

client访问测试

相关阅读:
CefSharp-基于C#的客户端开发框架技术栈开发全记录
 C#中HttpWebRequest、WebClient、HttpClient的使用详解
 蜘蛛侠网站-关注C#爬虫技术
 网络剪刀-NetCut
JSON.stringify 格式化输出字符串
 Vue 3.0 provide 传值到子组件
 全局添加可执行的node脚本
 npm link
低代码平台思路
 java jwt使用，springboot 整合java-jwt，java jwt工具类
原文地址：https://www.cnblogs.com/JevonWei/p/7468474.html