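HAProxy advanced configuration options: configuring HAProxy to support HTTPS
Author: 尹正杰 (Yin Zhengjie)
Copyright notice: original work, reproduction is not permitted; violations will be pursued under the law.
I. Creating the certificate
1>. Create the private key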
[[email protected] ~]# mkdir -pv /yinzhengjie/softwares/haproxy/certs
mkdir: created directory ‘/yinzhengjie/softwares/haproxy/certs’
[[email protected] ~]#
[[email protected] ~]# cd /yinzhengjie/softwares/haproxy/certs/
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# openssl genrsa -out haproxy.key 2048
Generating RSA private key, 2048 bit long modulus
...........................+++
......................................................................+++
e is 65537 (0x10001)
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# ll
total 4
-rw-r--r-- 1 root root 1675 Jan 7 07:18 haproxy.key
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
2>. Create a crt file from the private key
[[email protected] /yinzhengjie/softwares/haproxy/certs]# ll
total 4
-rw-r--r-- 1 root root 1675 Jan 7 07:18 haproxy.key
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# openssl req -new -x509 -key haproxy.key -out haproxy.crt -subj "/CN=node102.yinzhengjie.org.cn"
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# ll
total 8
-rw-r--r-- 1 root root 1139 Jan 7 07:21 haproxy.crt
-rw-r--r-- 1 root root 1675 Jan 7 07:18 haproxy.key
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
3>. Generate the certificate file used by HAProxy
[[email protected] /yinzhengjie/softwares/haproxy/certs]# ll
total 8
-rw-r--r-- 1 root root 1139 Jan 7 07:21 haproxy.crt
-rw-r--r-- 1 root root 1675 Jan 7 07:18 haproxy.key
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# cat haproxy.key haproxy.crt > haproxy.pem    # generate the certificate file
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# ll
total 12
-rw-r--r-- 1 root root 1139 Jan 7 07:21 haproxy.crt
-rw-r--r-- 1 root root 1675 Jan 7 07:18 haproxy.key
-rw-r--r-- 1 root root 2814 Jan 7 07:23 haproxy.pem
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
[[email protected] /yinzhengjie/softwares/haproxy/certs]# openssl x509 -in haproxy.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: c1:7d:0d:33:31:a0:2a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=node102.yinzhengjie.org.cn
        Validity
            Not Before: Jan 6 23:21:42 2020 GMT
            Not After : Feb 5 23:21:42 2020 GMT
        Subject: CN=node102.yinzhengjie.org.cn
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B1:1F:87:C5:37:3C:F6:00:A6:F6:06:59:05:D3:48:58:BB:F3:8C
            X509v3 Authority Key Identifier:
                keyid:F2:B1:1F:87:C5:37:3C:F6:00:A6:F6:06:59:05:D3:48:58:BB:F3:8C
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
[[email protected] /yinzhengjie/softwares/haproxy/certs]#
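The listings above show haproxy.key and haproxy.pem created with mode -rw-r--r-- and a certificate whose Not After date is 30 days after Not Before (the `openssl req -x509` default when `-days` is not given). The following is an added example, not the author's own commands: it repeats steps 1 to 3 under `umask 077` with an explicit `-days`, then checks the combined file. The function names, the 365-day validity and the temporary directory are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: function names, the 365-day validity and the temp directory are assumptions.

# Steps 1-3 in one function: $1 = output directory, $2 = CN, $3 = validity in days.
make_haproxy_pem() (
    umask 077                            # new files come out 0600 instead of 0644
    mkdir -p "$1" && cd "$1" || exit 1
    openssl genrsa -out haproxy.key 2048 2>/dev/null || exit 1
    openssl req -new -x509 -key haproxy.key -out haproxy.crt \
        -days "$3" -subj "/CN=$2" || exit 1
    cat haproxy.key haproxy.crt > haproxy.pem
)

# Checks a combined PEM: $1 = file, $2 = minimum number of days it must remain valid.
check_haproxy_pem() (
    pem=$1
    min_days=$2
    # 1. Only the owner may read the file that holds the private key.
    mode=$(ls -ld "$pem" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || { echo "FAIL: $pem has mode $mode" >&2; exit 1; }
    # 2. The private key and the certificate must carry the same public key.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        { echo "FAIL: private key and certificate do not match" >&2; exit 1; }
    # 3. The certificate must not expire within the next min_days days.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days" >&2; exit 1; }
)

# Demo in a throwaway directory, using the CN from the page.
demo_dir=$(mktemp -d)
make_haproxy_pem "$demo_dir" node102.yinzhengjie.org.cn 365 &&
    check_haproxy_pem "$demo_dir/haproxy.pem" 300 &&
    echo "haproxy.pem OK: mode 0600, key matches certificate, valid for more than 300 days"
```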
II. Configuring HAProxy to support HTTPS
1>.
2>.
3>.
4>.
5>.
三.