haproxy配置求助
本帖最后由 shouyu924 于 2016-11-28 15:33 编辑当前网站http转https(部分)定义了80与443监听,需要http与https共存
acl http_w hdr_reg(host) -i ^www.abc.com
acl http_m hdr_reg(host) -i ^m.abc.com
use_backend w if http_w
use_backendm if http_m
backend w
10.10.10.1
10.10.10.2
backend m
10.10.10.1
10.10.10.2
acl http_ws hdr_reg(host) -i ^www.abc.com
acl http_mshdr_reg(host) -i^m.abc.com
use_backend ws if http_ws
use_backendms if http_ms
backend ws
10.10.10.1
10.10.10.2
backend ms
10.10.10.1
10.10.10.2
为什么这样写不行的啊,请大神帮忙啊
回复 1# shouyu924
出现什么问题了? 感觉这俩配置只是 acl 和 backend 的命令不一样。
回复 2# Godbach
是的.我希望浏览器访问进来,如果用http访问,返回80后台给前端请求,如果https访问,返回443后台给前端请求 回复 3# shouyu924
你这个地方是要 匹配 host 吧。建议你用 hdr() 关键字来比较:
acl host1 hdr(host) -i www.abc.com
acl host2 hdr(host) -i m.abc.com
回复 1# shouyu924
ACL 的语法如下:
acl <aclname> <criterion> <value> ...
你确定你那么写 ACL,HAProxy 可以正常解析吗?
本帖最后由 shouyu924 于 2016-11-28 15:33 编辑
我是按照产线的配置写的,产线的是这么用的
acl url_m hdr_reg(host) -i ^m.abc.com 回复 5# Godbach
主题写少写了hdr_reg(host) -i ..,我现在卡在同一个域名两种方式,http,https.如何写正则,如果用hdr_reg(host) -i^ 形式,这样请求只会在最开始定义的80端口即便我用https 回复 7# shouyu924
host 匹配不建议用正则,直接精确匹配吧。
此外,没看到你的配置中所谓的 80 443 共存的逻辑。你能贴一下你实际的配置吗
回复 8# Godbach
global
log 127.0.0.1 local3
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 8000
user haproxy
group haproxy
daemon
#debug
# turn on stats unix socket
stats socket /var/lib/haproxy/stats level admin
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 1m
maxconn 8000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontendmain *:80
--------------------------------------------
acl url_www hdr_reg(host) -i ^www.liness.com
acl url_hatlineapi hdr_reg(host) -i^hat.api.liness.cn
use_backend backendall if url_www
use_backend backendall if url_hatlineapi
backend backendall
mode http
balance roundrobin
option forwardfor
server 10.28.27.92:80 cookieweight 1 check
server 10.21.41.229:80 cookieweight 1check
下面是我新添加的配置
frontend www-https
bind *:443
mode tcp
acl url_wwws hdr(host) -i www.liness.com
acl url_hatlineapis hdr(host) -ihat.api.liness.cn
use_backend backendalls if url_wwws
use_backend backendalls if url_hatlineapis
backend backendalls
server 10.28.27.92:443 cookieweight 1 check
server 10.21.41.229:443 cookieweight 1check
回复 8# Godbach
global
log 127.0.0.1 local3
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 8000
user haproxy
group haproxy
daemon
#debug
# turn on stats unix socket
stats socket /var/lib/haproxy/stats level admin
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 1m
maxconn 8000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontendmain *:80
--------------------------------------------
acl url_www hdr_reg(host) -i ^www.liness.com
acl url_hatlineapi hdr_reg(host) -i^hat.api.liness.cn
use_backend backendall if url_www
use_backend backendall if url_hatlineapi
backend backendall
mode http
balance roundrobin
#balance source
#balance static-rr
#cookie SERVERID insert
#option httpclose
option forwardfor
server 10.28.27.92:80 cookieweight 1 check
server 10.21.41.229:80 cookieweight 1check
------------------------------------
以下是我的配置.
frontend www-https
bind *:443
mode tcp
acl url_wwws hdr(host) -i www.liness.com
acl url_hatlineapis hdr(host) -ihat.api.liness.cn
use_backend backendalls if url_wwws
use_backend backendalls if url_hatlineapis
backend backendalls
server 10.28.27.92:443 cookieweight 1 check
server 10.21.41.229:443 cookieweight 1check