    I am configuring the haproxy.cfg file for HAProxy. I need to add a cipher suite in this file. For that I am using the bind command. My bind command is as below.
  • bind 0.0.0.0:443 ssl crt /etc/ssl/certs/private1.pem nosslv3 prefer-server-ciphers ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH

    With the bind command bind *:443 it works fine. As soon as I add other parameters, it throws an error.

    After including this command in the haproxy.cfg file and restarting the haproxy service, I am getting the error.
    

**[ALERT] 164/074924 (31084) : parsing [/etc/haproxy/haproxy.cfg:80] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options. [ALERT] 164/074924 (31084) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 164/074924 (31084) : Fatal errors found in configuration. Errors in configuration file, check with haproxy check.**

    To resolve this issue I tried to install the "libssl-dev" package, but I am not able to install that package either.



    **Please guide me to do this. I also need to know whether it is necessary to give the pem file entry in bind, or whether I can directly include the cipher itself like this.
    bind *:8443 ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH**


    Appending my haproxy.cfg file below.

    **#---------------------------------------------------------------------
    # Example configuration for a possible web application.  See the
    # full configuration options online.
    #
    #   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
    #
    #---------------------------------------------------------------------

    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        # to have these messages end up in /var/log/haproxy.log you will
        # need to:
        #
        # 1) configure syslog to accept network log events.  This is done
        #    by adding the '-r' option to the SYSLOGD_OPTIONS in
        #    /etc/sysconfig/syslog
        #
        # 2) configure local2 events to go to the /var/log/haproxy.log
        #   file. A line like the following can be added to
        #   /etc/sysconfig/syslog
        #
        #    local2.*                       /var/log/haproxy.log
        #
        log         127.0.0.1 local2

        chroot      /var/lib/haproxy
        pidfile     /var/run/haproxy.pid
        maxconn     4000
        user        haproxy
        group       haproxy
        daemon

        # turn on stats unix socket
        stats socket /var/lib/haproxy/stats

    #---------------------------------------------------------------------
    # common defaults that all the 'listen' and 'backend' sections will
    # use if not designated in their block
    #---------------------------------------------------------------------
    defaults
        mode                    http
        log                     global
        option                  httplog
        option                  dontlognull
        option http-server-close
        option forwardfor       except 127.0.0.0/8
        option                  redispatch
        retries                 3
        timeout http-request    10s
        timeout queue           1m
        timeout connect         10s
        timeout client          1m
        timeout server          1m
        timeout http-keep-alive 10s
        timeout check           10s
        maxconn                 3000

    #---------------------------------------------------------------------
    # main frontend which proxys to the backends

    frontend inbound 

        mode http

        bind 0.0.0.0:443 ssl crt /etc/ssl/certs/private1.pem nosslv3 prefer-server-ciphers ciphers TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH

    # static backend for serving up images, stylesheets and such
    #---------------------------------------------------------------------
    backend postgresqlcluster1
        mode http
        balance roundrobin
        server  postgres1 192.44.9.101:8080 check**

1 Answer


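You need to be using 1.5-dev19+ (currently 1.5-dev26) to use any of the SSL features; based on the error and the configuration excerpt, it looks like you are running 1.4.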

Answered 2014-06-19T20:11:44.500
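
As an added example (not part of the original answer and not HAProxy's own tooling), the shell functions below apply the answer's 1.5-dev19 floor to `haproxy -vv` output before `bind ... ssl` is used. They also check that the binary was built with OpenSSL, which is an assumption beyond what the answer states; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Usage: haproxy -vv | can_bind_ssl

# Constructed samples of `haproxy -vv` output (illustrative, not captured logs).
SAMPLE_OLD='HA-Proxy version 1.4.24 2013/06/17'
SAMPLE_NEW='HA-Proxy version 1.5-dev26 2014/05/28
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013'
SAMPLE_NOSSL='HA-Proxy version 1.5-dev26 2014/05/28
Built without OpenSSL support (USE_OPENSSL not set)'

# Succeeds if version string $1 is 1.5-dev19 or later (the answer's floor).
version_supports_ssl() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    if [ "$minor" -gt 5 ]; then return 0; fi
    if [ "$minor" -lt 5 ]; then return 1; fi
    case "$v" in
        1.5-dev*)  # development snapshots: only dev19 and later parse 'ssl'
            dev=${v#1.5-dev}; dev=${dev%%[!0-9]*}
            if [ "${dev:-0}" -ge 19 ]; then return 0; else return 1; fi ;;
        *) return 0 ;;  # 1.5 releases
    esac
}

# Reads `haproxy -vv` output on stdin, prints a verdict, and returns 0 only
# when the binary should accept 'bind ... ssl crt ... ciphers ...'.
can_bind_ssl() {
    out=$(cat)
    ver=$(printf '%s\n' "$out" |
          sed -n 's/^HA-\{0,1\}Proxy version \([^ ]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo "unknown: no version line"; return 2; fi
    if ! version_supports_ssl "$ver"; then
        echo "no: $ver predates 1.5-dev19"; return 1
    fi
    # Assumption beyond the answer: SSL keywords also need an OpenSSL build.
    if ! printf '%s\n' "$out" | grep -q '^Built with OpenSSL'; then
        echo "no: $ver built without OpenSSL"; return 1
    fi
    echo "yes: $ver"
}
```

Once the check passes, `haproxy -c -f /etc/haproxy/haproxy.cfg` validates the configuration file without restarting the service.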