frontend http-in
mode http
bind *:80
bind *:443 ssl crt /etc/haproxy/pank.org-crt-chain-key.pem
use_backend %[req.hdr(Host),lower]
bind *:80
bind *:443 ssl crt /etc/haproxy/pank.org-crt-chain-key.pem
use_backend %[req.hdr(Host),lower]
backend test1.pank.org
balance first
mode http
option forwardfor except 127.0.0.0/8
server web-1 192.168.0.27:80
mode http
option forwardfor except 127.0.0.0/8
server web-1 192.168.0.27:80
backend test2.pank.org
balance first
mode http
option forwardfor except 127.0.0.0/8
server web-2 192.168.0.42:80
mode http
option forwardfor except 127.0.0.0/8
server web-2 192.168.0.42:80
test1.pank.org 及 test2.pank.org 使用同一個 wildcard 憑證,
crt 是 crt+chain+key 放同一個檔
若兩個站的憑證不同,可以用 crt-list 指定多個憑證
例: bind *:443 ssl crt-list /etc/haproxy/crt-list.txt
crt-list.txt 的內容
/etc/haproxy/domain1.com-crt-chain-key.pem
/etc/haproxy/domain2.com-crt-chain-key.pem
有設定 option forwardfor 會帶 X-Forwarded-For 到 backend server
沒有留言:
張貼留言