gpt4 book ai didi

ubuntu - HAProxy 无法识别 SSL

转载 作者:太空宇宙 更新时间:2023-11-03 13:07:28 25 4
gpt4 key购买 nike

我在使用 HAProxy 和 OpenSSL 时遇到一些问题..

由于我正在尝试创建一个带有处理 HTTPS 的负载均衡器的云服务器,所以我想使用特定版本的 HAProxy 和 OpenSSL..

我的问题是,当我使用 Openssl 编译 OpenSSL 和 HAProxy 时,HAProxy 无法识别 SSL 函数。您会在下面找到我使用的不同命令。

编译 OpenSSL 1.0.2d

sudo apt-get -y install libssl-dev libpcre3 make
wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
tar xzvf openssl-1.0.2d.tar.gz
rm openssl-1.0.2d.tar.gz
cd openssl-1.0.2d
./config --prefic=/usr/local --openssldir=/usr/local/ssl --libdir=lib shared
make && make install

编译HAProxy

sudo apt-get install build-essential libpcre3-dev
wget www.haproxy.org/download/1.5/src/haproxy-1.5.14.tar.gz
tar xzvf haproxy-1.5.14.tar.gz
rm haproxy-1.5.14.tar.gz
cd haproxy-1.5.14
make TARGET=linux26 CPU=generic USE_OPENSSL=1 USE_PCRE=1
make install
(apt-get install haproxy) <--- To get HAProxy as a service

然后,当我使用命令 haproxy -vv 时,我得到:

HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>

Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built without zlib support (USE_ZLIB not set)
Compression algorithms supported : identity
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

在这里,我们看到 HAProxy 正在与 OpenSSL 一起运行,但是当我使用我的 haproxy.cfg 文件时:

global
log localhost local0 notice
maxconn 2048
user haproxy
group haproxy
tune.ssl.default-dh-param 2048

defaults
log global
mode http
option forwardfor
option http-server-close
retries 3
option redispatch
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

frontend http-in
bind *:80
maxconn 2048
redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
bind *:443 ssl crt /etc/ssl/private/certif.pem
maxconn 2048
reqadd X-Forwarded-Proto:\ https
default_backend internalProxy

# Internal Proxys
backend internalProxy
balance roundrobin
# internal proxys

# Test
backend testExternalProxy
errorfile 503 /root/haproxy/code202.http

# Statistics
listen stats *:8010
mode http
log global

maxconn 10

timeout connect 100s
timeout client 100s
timeout server 100s
timeout queue 100s

# Stat page, http://example.com:8010/stats
stats enable
stats hide-version
stats refresh 10s
stats show-node
stats uri /stats
stats realm Strictly\ Private
stats auth username:password

我收到这些错误:

 * Starting haproxy haproxy                                                     
[ALERT] 218/022327 (1780) : parsing [/etc/haproxy/haproxy.cfg:6] : unknown keyword 'tune.ssl.default-dh-param' in 'global' section
[ALERT] 218/022327 (1780) : parsing [/etc/haproxy/haproxy.cfg:22] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').
[ALERT] 218/022327 (1780) : parsing [/etc/haproxy/haproxy.cfg:25] : 'bind' only supports the 'transparent', 'defer-accept', 'name', 'id', 'mss' and 'interface' options.
[ALERT] 218/022327 (1780) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
[ALERT] 218/022327 (1780) : Fatal errors found in configuration.

它似乎无法识别 OpenSSL 函数。有谁知道为什么吗???

提前致谢

最佳答案

我刚发现问题.. 我必须修改启动脚本 /etc/init.d/haproxy 来告诉它新编译的 haproxy 二进制文件在哪里。

我必须将此行 HAPROXY=/usr/sbin/haproxy 更改为此 HAPROXY=/usr/local/sbin/haproxy

现在可以了.. =)

关于ubuntu - HAProxy 无法识别 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31871885/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com