1

我无法让 haproxy 强制使用 https。它适用于 http 和 https。我希望它强制使用端口 443。当我尝试使用 .htaccess 强制它时,它显示“To many redirects”

这是我的 haproxy.cfg:

global 
    log 127.0.0.1 local2 
    maxconn 2048 
    user haproxy 
    group haproxy 
    daemon 
    tune.ssl.default-dh-param 2048 

defaults 
    timeout server 86400000 
    timeout connect 86400000 
    timeout client 86400000 
    timeout queue 1000s 

listen premierdis 
    bind 192.168.1.200:80 
    bind 192.168.1.200:443 ssl crt /root/.ssl/website.com.pem ciphers TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH 
    mode http 
    rspirep ^Location:\ http://(.*):80(.*)  Location:\ https://\1:443\2   if  { ssl_fc } 
    stats enable 
    stats uri /haproxy?stats 
    stats realm STATS 
    stats auth user:pass 
    balance source 
    option http-server-close 
    timeout http-keep-alive 3000 
    reqidel ^X-Real-IP: 
    option forwardfor header X-Real-IP 
    reqadd X-Forwarded-Proto:\ https 
    server srvg-webc-11 192.168.1.21:80 check 
    server srvg-webc-12 192.168.1.22:80 check 
    server srvg-webc-13 192.168.1.23:80 check
4

1 回答 1

3

如果您将配置拆分为 HTTP 部分和 HTTPS 部分,则可以在 HTTP 部分中使用重定向方案将客户端重定向为使用 HTTPS。

global 
    log 127.0.0.1 local2 
    maxconn 2048 
    user haproxy 
    group haproxy 
    daemon 
    tune.ssl.default-dh-param 2048 

defaults 
    timeout server 86400000 
    timeout connect 86400000 
    timeout client 86400000 
    timeout queue 1000s 

listen premierdis-http
    bind 192.168.1.200:80 
    mode http
    redirect scheme https if !{ ssl_fc }

listen premierdis
    bind 192.168.1.200:443 ssl crt /root/.ssl/website.com.pem ciphers TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH 
    mode http 
    stats enable 
    stats uri /haproxy?stats 
    stats realm STATS 
    stats auth user:pass 
    balance source 
    option http-server-close 
    timeout http-keep-alive 3000 
    reqidel ^X-Real-IP: 
    option forwardfor header X-Real-IP 
    reqadd X-Forwarded-Proto:\ https 
    server srvg-webc-11 192.168.1.21:80 check 
    server srvg-webc-12 192.168.1.22:80 check 
    server srvg-webc-13 192.168.1.23:80 check

希望有帮助。

于 2016-02-15T22:20:06.500 回答