
HAPROXY SSL

초보의 CHOMAN 2018.04.11 13:55





References



https://www.digitalocean.com/community/tutorials/how-to-implement-ssl-termination-with-haproxy-on-ubuntu-14-04

 

https://serversforhackers.com/c/using-ssl-certificates-with-haproxy






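global

global
        log /dev/log local0 debug
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        maxconn 4096
        uid 99
        gid 99
        daemon
        # size of the DH parameters used for DHE key exchange
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  dontlognull
        retries 3
        maxconn 2000
        # "timeout connect/client/server" replace the deprecated
        # contimeout/clitimeout/srvtimeout keywords (values in milliseconds)
        timeout connect 5000
        timeout client  50000
        timeout server  50000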

 





How to set up the certificate



https://www.securesign.kr/guides/HAProxy-SSL-Certificates-Install

 





Combining the certificates

# cat appends the contents of each file; echo would only append the file name
cat prive.key >> total.pem
cat cert.crt >> total.pem
cat chain.key >> total.pem

 






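mode tcp (80, 443)

frontend http
    bind *:80
    mode http
    default_backend http-end

frontend https
    # TLS pass-through: the frontend runs in tcp mode like its backend, and the
    # bind line carries no "ssl crt", so the web servers terminate TLS themselves.
    # With "bind *:443 ssl crt /root/test.kensei.co.kr/total.pem no-sslv3"
    # HAProxy would terminate TLS itself and forward decrypted traffic to port 443.
    bind *:443
    mode tcp
    option tcplog
    default_backend https-end

backend http-end
    mode http
    balance source
    server web01 172.16.1.2:80
    server web02 172.16.0.208:80

backend https-end
    mode tcp
    # ssl-hello-chk only takes effect on servers that have "check" enabled
    option ssl-hello-chk
    server web01 172.16.1.2:443
    server web02 172.16.0.208:443


: In TCP mode HAProxy simply does port forwarding.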




mode HTTP (80, 443)

frontend www-http
    bind *:80
    option httplog
    # set-header overwrites any X-Forwarded-Proto value sent by the client
    # (replaces the older "reqadd X-Forwarded-Proto:\ http")
    http-request set-header X-Forwarded-Proto http
    default_backend www-backend

frontend www-https
    option httplog
    bind *:443 ssl crt /root/wp.kensei.co.kr/total.pem
    http-request set-header X-Forwarded-Proto https
    default_backend www-backends

backend www-backend
#    redirect scheme https if !{ ssl_fc }
    balance hdr(x-forwarded-for)
    server wp1 172.16.0.209:80 check inter 10000 rise 1 fall 1
    server wp2 172.16.1.4:80 check inter 10000 rise 1 fall 1

backend www-backends
    balance hdr(x-forwarded-for)
    # "ssl verify none" encrypts the hop to the web servers but does not
    # authenticate them; "verify required" with "ca-file" does.
    server wp1 172.16.0.209:443 ssl verify none check inter 10000 rise 1 fall 1
    server wp2 172.16.1.4:443 ssl verify none check inter 10000 rise 1 fall 1


: In HTTP mode the proxy accepts the connections on 80 and 443 and handles them in place of the web servers.
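
The difference between the two layouts above (pass-through in TCP mode, TLS termination in HTTP mode) can be checked mechanically. The following Python script is an added example, not part of the original post: it classifies each frontend and flags a frontend/backend mode mismatch and "verify none" on backend servers. The sample configuration, its section names and its addresses are constructed.

```python
SAMPLE = """\
defaults
    mode http
frontend passthru
    bind *:443
    mode tcp
    default_backend raw-tls
backend raw-tls
    mode tcp
    server web01 192.0.2.10:443
frontend terminate
    bind *:8443 ssl crt /etc/haproxy/example.pem
    default_backend reencrypt
backend reencrypt
    server wp1 192.0.2.20:443 ssl verify none
frontend broken
    bind *:9443 ssl crt /etc/haproxy/example.pem
    default_backend raw-tls
"""  # constructed sample (documentation addresses), not the post's config

def parse(cfg):
    """Return {(kind, name): {keyword: [argument lists]}} for each section."""
    secs, cur = {}, None
    for line in cfg.splitlines():
        w = line.split("#")[0].split()
        if w and w[0] in ("global", "defaults", "frontend", "backend", "listen"):
            cur = secs.setdefault((w[0], " ".join(w[1:2])), {})
        elif w and cur is not None:
            cur.setdefault(w[0], []).append(w[1:])
    return secs

def audit(cfg):
    """Classify each frontend and list settings that break or weaken TLS."""
    secs, roles, findings = parse(cfg), {}, []
    dflt = secs.get(("defaults", ""), {})
    # A section's own mode wins, then defaults, then HAProxy's built-in tcp.
    mode = lambda s: (s.get("mode") or dflt.get("mode") or [["tcp"]])[-1][0]
    for (kind, name), fe in secs.items():
        be = secs.get(("backend", fe.get("default_backend", [[""]])[-1][0]))
        if kind != "frontend" or be is None:
            continue
        tls = any("ssl" in b for b in fe.get("bind", []))
        roles[name] = "termination" if tls else "pass-through" if mode(fe) == "tcp" else "plain"
        if mode(fe) != mode(be):
            findings.append((name, "frontend/backend mode mismatch"))
        for srv in be.get("server", []):
            if "verify none" in " ".join(srv):
                findings.append((name, "backend certificate not verified"))
    return roles, findings
```

Calling audit() on the text of a real haproxy.cfg returns the same (roles, findings) pair; the parser assumes a single unnamed defaults section.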

