无限重定向 HAPROXY
endless redirect HAPROXY
我帮助应对不幸,我开始结合工作需要学习haproxy。输入 URL 之类 https://my.server.ru/ is to immediately redirect to a directory like https://my.server.ru/SoftOnIt/ 的任务我做到了,但是有一个问题,当点击 link 并在重定向后,页面开始无限刷新或重定向。我附上了我的 haproxy 的完整配置。 haproxy -c -f /etc/haproxy/haproxy.cfg
Apr 30 12:55:12 localhost haproxy[3124]: 192.168.1.92:53661 [30/Apr/2020:12:55:12.000] https-proxy~ 1c_path/s1 0/0/15/9/24 200 18570 - - ---- 2/1/0/0/0 0/0 "GET /SoftOnIT/ru_RU/ HTTP/1.1"
也没有什么...
据我了解 http-request set-path /SoftOnIT/ if 1c 的问题
我需要做一些检查 - 如果当前 url 已经是必需的,那么不要重定向。
帮忙理清逻辑。
对不起 google 译者 =)
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
ssl-server-verify none
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 4096
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#-----------------------------------------------------------
frontend http-proxy
bind *:80
redirect scheme https code 301 if !{ ssl_fc } #редирект на https
default_backend 1c_web
########Для установки и обновления letsencrypt##############
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
#---------------------------------------------------------------
frontend https-proxy
bind *:443 ssl crt /etc/letsencrypt/live/my.server.ru/my.server.ru.pem
acl 1c hdr_end(host) -i my.server.ru
http-request set-path /SoftOnIT/ if 1c
use_backend 1c_path if 1c
default_backend 1c_web
#---------------------------------------------------------------
backend letsencrypt-backend
server letsencrypt 127.0.0.1:8888
#---------------------------------------------------------------
backend 1c_web
mode http
cookie SERVERID insert indirect nocache
server 1cweb 10.255.10.26:80 check cookie 1cweb
#---------------------------------------------------------------
backend 1c_path
server s1 10.255.10.26:443 ssl```
您不仅需要检查主机 header 还需要检查路径。
我的建议
frontend https-proxy
bind *:443 ssl crt /etc/letsencrypt/live/my.server.ru/my.server.ru.pem
acl 1c hdr_end(host) -i my.server.ru
acl 1c_path path_beg /SoftOnIT
http-request redirect code 301 location https://%[req.hdr(host)]/SoftOnIT if !1c_path
use_backend 1c_path if 1c !1c_path
default_backend 1c_web
我帮助应对不幸,我开始结合工作需要学习haproxy。输入 URL 之类 https://my.server.ru/ is to immediately redirect to a directory like https://my.server.ru/SoftOnIt/ 的任务我做到了,但是有一个问题,当点击 link 并在重定向后,页面开始无限刷新或重定向。我附上了我的 haproxy 的完整配置。 haproxy -c -f /etc/haproxy/haproxy.cfg
Apr 30 12:55:12 localhost haproxy[3124]: 192.168.1.92:53661 [30/Apr/2020:12:55:12.000] https-proxy~ 1c_path/s1 0/0/15/9/24 200 18570 - - ---- 2/1/0/0/0 0/0 "GET /SoftOnIT/ru_RU/ HTTP/1.1"
也没有什么...
据我了解 http-request set-path /SoftOnIT/ if 1c 的问题
我需要做一些检查 - 如果当前 url 已经是必需的,那么不要重定向。
帮忙理清逻辑。
对不起 google 译者 =)
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
ssl-server-verify none
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 4096
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#-----------------------------------------------------------
frontend http-proxy
bind *:80
redirect scheme https code 301 if !{ ssl_fc } #редирект на https
default_backend 1c_web
########Для установки и обновления letsencrypt##############
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
#---------------------------------------------------------------
frontend https-proxy
bind *:443 ssl crt /etc/letsencrypt/live/my.server.ru/my.server.ru.pem
acl 1c hdr_end(host) -i my.server.ru
http-request set-path /SoftOnIT/ if 1c
use_backend 1c_path if 1c
default_backend 1c_web
#---------------------------------------------------------------
backend letsencrypt-backend
server letsencrypt 127.0.0.1:8888
#---------------------------------------------------------------
backend 1c_web
mode http
cookie SERVERID insert indirect nocache
server 1cweb 10.255.10.26:80 check cookie 1cweb
#---------------------------------------------------------------
backend 1c_path
server s1 10.255.10.26:443 ssl```
您不仅需要检查主机 header 还需要检查路径。
我的建议
frontend https-proxy
bind *:443 ssl crt /etc/letsencrypt/live/my.server.ru/my.server.ru.pem
acl 1c hdr_end(host) -i my.server.ru
acl 1c_path path_beg /SoftOnIT
http-request redirect code 301 location https://%[req.hdr(host)]/SoftOnIT if !1c_path
use_backend 1c_path if 1c !1c_path
default_backend 1c_web