author:JevonWei
版权声明:原创作品
实现http重定向到https
HAProxy
创建CA证书
[root@HAProxy ~]# cd /etc/haproxy/
[root@HAProxy haproxy]# mkdir certs
[root@HAProxy haproxy]# cd /etc/pki/CA
[root@HAProxy CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)
[root@HAProxy CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 \\自签名证书
[root@HAProxy CA]# touch index.txt
[root@HAProxy CA]# echo 01 > serial
[root@HAProxy CA]# cd /etc/haproxy/certs/
[root@HAProxy certs]# openssl genrsa -out haproxy.key 2048
[root@HAProxy certs]# openssl req -new -key haproxy.key -out haproxy.csr
[root@HAProxy certs]# [root@HAProxy certs]# openssl ca -in haproxy.csr -out haproxy.crt
[root@HAProxy certs]# ls
haproxy.crt haproxy.csr haproxy.key
[root@HAProxy certs]# cat haproxy.crt haproxy.key > haproxy.pem
[root@HAProxy certs]# ll
total 12
-rw-r--r--. 1 root root 0 Aug 29 19:36 haproxy.crt
-rw-r--r--. 1 root root 1009 Aug 29 19:35 haproxy.csr
-rw-r--r--. 1 root root 1675 Aug 29 19:34 haproxy.key
-rw-r--r--. 1 root root 1675 Aug 29 19:37 haproxy.pem
[root@HAProxy certs]# chmod 600 haproxy.pem
配置haproxy网页跳转
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend https *:443
bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
acl static path_end .jpg .jpeg .png .gif .txt .html
acl static path_beg /imgs /images /css
use_backend staticsrvs if static
default_backend dynsrvs
frontend http
bind *:8080
redirect scheme https if !{ ssl_fc }
backend dynsrvs
balance roundrobin
server dynsrv1 172.16.253.105:80 check
server dynsrv2 172.16.253.105:8080 check
backend staticsrvs
balance roundrobin
server staticsrv1 172.16.253.191:80 check
server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
配置haproxy主页跳转,即访问的http的所有内容都跳转到https的默认主页上
[root@HAProxy ~]# vim /etc/haproxy/haproxy.cfg
frontend https *:443
bind *:443 ssl crt /etc/haproxy/certs/haproxy.pem
acl static path_end .jpg .jpeg .png .gif .txt .html
acl static path_beg /imgs /images /css
use_backend staticsrvs if static
default_backend dynsrvs
frontend http
bind *:8080
redirect location https://172.16.253.108/ if !{ ssl_fc }
backend dynsrvs
balance roundrobin
server dynsrv1 172.16.253.105:80 check
server dynsrv2 172.16.253.105:8080 check
backend staticsrvs
balance roundrobin
server staticsrv1 172.16.253.191:80 check
server staticsrv2 172.16.253.191:8080 check
[root@HAProxy ~]# systemctl restart haproxy
client访问测试