0
  1. 总结问题

我努力强制 haproxy 使用 ssl 和 websockets

  1. 描述你尝试过的事情

我有2台机器。首先安装了带有 haproxy 和letsencrypt 插件的opnSense。我将它配置为代理我的 www 应用程序并且它可以工作,但我坚持使用代理 websockets,我不知道问题出在哪里。

当我在本地连接到 websocket 时,没有 SSL 和 HaProxy,直接连接到 websocket 服务器就可以了,所以我认为应用程序没有问题。

  1. 给我看代码

这是从 haproxy 插件导出的配置

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    1
    tune.ssl.default-dh-param   1024
    spread-checks               0
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 info

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats

# Frontend: wss-public_IPv4 ()
frontend wss-public_IPv4
    bind public_IPv4:6001 name public_IPv4:6001 ssl force-tlsv12 prefer-client-ciphers ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/6172c72c8e3541.08699115.certlist 
    mode tcp
    default_backend projectName-pool
    # tuning options
    timeout client 30s

    # logging options
    # ACL: projectName_com
    acl acl_616b1c7bcccc34.08330571 hdr(host) -i projectName.com
    # ACL: is_Websocket-Upgrade
    acl acl_6173e262251329.31528714 hdr(Upgrade) -i websocket

    # ACTION: projectName_com_wss_rule
    use_backend projectName-pool-wss if acl_616b1c7bcccc34.08330571 acl_6173e262251329.31528714


# Backend: projectName-pool ()
backend projectName-pool
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server docker-projectName 10.0.248.4:80 

# Backend: projectName-pool-wss ()
backend projectName-pool-wss
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server docker-projectName-wss 10.0.248.4:6001
4

0 回答 0