HAproxy 下启用 Https

请确保您已经获取了有效的证书文件。HAproxy所需证书文件格式比较特殊,要求为pem格式,且同时包含证书和与之匹配的私钥,可使用以下命令使之合并:

  1. ```
  2. cat demo.crt demo.key > demo.pem
  3. ```

修改 HAproxy 配置文件

配置示例:/etc/haproxy/haproxy.cfg(假设用于健康状态检测的端口为12345)

  1. global
  2.     log 127.0.0.1 local1 notice
  3.     maxconn 4096
  4.     user haproxy
  5.     group haproxy
  7. defaults
  8.     log global
  9.     mode http
  10.     retries 3
  11.     maxconn 2000
  12.     timeout connect 10000
  13.     timeout client 300000
  14.     timeout server 300000
  16. listen seafile
  17.     bind :80
  18.     bind :443 ssl crt /etc/haproxy/demo.pem
  19.     redirect scheme https if !{ ssl_fc }
  20.     mode http
  21.     option httplog
  22.     option dontlognull
  23.     option forwardfor
  24.     cookie SERVERID insert indirect nocache
  25.     server seafileserver01 <ip of frontend node1>:80 check port 12345 cookie seafileserver01
  26.     server seafileserver02 <ip of frontend node2>:80 check port 12345 cookie seafileserver02

修改 nginx 配置

在前端seafile服务器节点上(即node B 和 node C)的nginx配置中添加两行配置到 location / 代码块中: vim /etc/nginx/conf.d/seafile.conf

  1. proxy_set_header   X-Forwarded-Proto https;

配置示例:

  1. location / {
  2.     proxy_pass         http://127.0.0.1:8000;
  3.     proxy_set_header   Host $host;
  4.     proxy_set_header   X-Real-IP $remote_addr;
  5.     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
  6.     proxy_set_header   X-Forwarded-Host $server_name;
  7.     proxy_set_header   X-Forwarded-Proto https;
  8.     proxy_read_timeout  1200s;
  9.         ...

重新加载nginx配置:

  1. nginx -s reload

原文: https://manual-cn.seafile.com/deploy_pro/https_with_haproxy.html