I have a question about an ACL with path_beg on an HTTPS frontend.
My environment:
haproxy ==> acl 1 /web1 ==> https://app/web1
haproxy ==> acl 2 /web2 ==> https://app/web2
Configuration:
frontend https-in
    mode tcp
    bind xxx.xxx.xxx.xxx:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl host_https-app2 req_ssl_sni -i app.example.com
    use_backend app2_https if host_https-app2

backend app2_https
    mode tcp
    balance source
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello
    option ssl-hello-chk
    server srv1-HTTPS srv1:443 check
    server srv2-HTTPS srv2:443 check backup
My monitoring example:
tcp-check connect port 443
tcp-check send GET\ /web1\ HTTP/1.0\r\n
tcp-check send Host:\ app.example.com\r\n
tcp-check send \r\n
tcp-check expect rstring (2..|3..)
Thanks!

Try ...
frontend https-in
    mode http
    option httplog
    bind xxx.xxx.xxx.xxx:443
    <...>
    use_backend app2_https if { hdr(host) -i app.example.com } { path_beg /web2/ }
    <...>

backend app2_https
    mode http
    option httplog
    <...>
    option ssl-hello-chk
    server srv1-HTTPS srv1:443 check
    server srv2-HTTPS srv2:443 check backup
    <...>
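
Added example, not part of the original posts: Python code that extracts the fields the mode tcp rules in the question read from a TLS hello, namely the handshake type (req_ssl_hello_type), the session ID that payload_lv(43,1) sticks on, and the SNI (req_ssl_sni). The request path is sent only inside the encrypted stream after the handshake, so it is not among them; the function names and the ClientHello bytes are constructed for illustration.

```python
import struct

def build_client_hello(sni: str, session_id: bytes) -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello record carrying SNI."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
    sni_data = struct.pack("!H", len(entry)) + entry          # server_name_list
    exts = struct.pack("!HH", 0, len(sni_data)) + sni_data    # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                           # client_version, random
            + bytes([len(session_id)]) + session_id
            + b"\x00\x02\x00\x2f"                             # one cipher suite
            + b"\x01\x00"                                     # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22

def inspect_hello(buf: bytes) -> dict:
    """Extract the hello fields that the mode tcp rules in the question match on."""
    if len(buf) < 44 or buf[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hello_type = buf[5]                  # req_ssl_hello_type 1 / rep_ssl_hello_type 2
    sid_len = buf[43]                    # payload_lv(43,1): length byte at offset 43
    session_id = buf[44:44 + sid_len]    # ...followed by the session ID itself
    sni, pos = None, 44 + sid_len
    if hello_type == 1:                  # only a ClientHello carries SNI
        pos += 2 + int.from_bytes(buf[pos:pos + 2], "big")   # skip cipher suites
        pos += 1 + int.from_bytes(buf[pos:pos + 1], "big")   # skip compression methods
        end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end <= len(buf):
            etype, elen = struct.unpack("!HH", buf[pos:pos + 4])
            if etype == 0:               # server_name: what req_ssl_sni returns
                nlen = int.from_bytes(buf[pos + 7:pos + 9], "big")
                sni = buf[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
                break
            pos += 4 + elen
    return {"hello_type": hello_type, "session_id": session_id, "sni": sni}

if __name__ == "__main__":
    hello = build_client_hello("app.example.com", bytes(range(32)))
    print(inspect_hello(hello))
```

The 32-byte session ID returned here is the value the question's stick-table (type binary len 32) stores.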