• HAproxy 下启用 Https
    • 修改 HAproxy 配置文件
    • 修改 nginx 配置

    HAproxy 下启用 Https

    请确保您已经获取了有效的证书文件。HAproxy所需证书文件格式比较特殊,要求为pem格式,且同时包含证书和与之匹配的私钥,可使用以下命令使之合并:

    1. ```
    2. cat demo.crt demo.key > demo.pem
    3. ```

    修改 HAproxy 配置文件

    配置示例:/etc/haproxy/haproxy.cfg(假设用于健康状态检测的端口为12345)

    1. global
    2. log 127.0.0.1 local1 notice
    3. maxconn 4096
    4. user haproxy
    5. group haproxy
    6. defaults
    7. log global
    8. mode http
    9. retries 3
    10. maxconn 2000
    11. timeout connect 10000
    12. timeout client 300000
    13. timeout server 300000
    14. listen seafile
    15. bind :80
    16. bind :443 ssl crt /etc/haproxy/demo.pem
    17. redirect scheme https if !{ ssl_fc }
    18. mode http
    19. option httplog
    20. option dontlognull
    21. option forwardfor
    22. cookie SERVERID insert indirect nocache
    23. server seafileserver01 <ip of frontend node1>:80 check port 12345 cookie seafileserver01
    24. server seafileserver02 <ip of frontend node2>:80 check port 12345 cookie seafileserver02

    修改 nginx 配置

    在前端seafile服务器节点上(即node B 和 node C)的nginx配置中添加两行配置到 location / 代码块中: vim /etc/nginx/conf.d/seafile.conf

    1. proxy_set_header X-Forwarded-Proto https;

    配置示例:

    1. location / {
    2. proxy_pass http://127.0.0.1:8000;
    3. proxy_set_header Host $host;
    4. proxy_set_header X-Real-IP $remote_addr;
    5. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    6. proxy_set_header X-Forwarded-Host $server_name;
    7. proxy_set_header X-Forwarded-Proto https;
    8. proxy_read_timeout 1200s;
    9. ...

    重新加载nginx配置:

    1. nginx -s reload

    原文: https://manual-cn.seafile.com/deploy_pro/https_with_haproxy.html