  Haproxy multi-domain certificate HTTPS
     
  Add Date : 2018-11-21      
         
         
         
  We previously covered serving HTTPS certificates for multiple domains with Nginx, which required recompiling Nginx with TLS SNI support enabled. How do we do the same with HAProxy?

Requirement:

HAProxy must be version 1.5 or later.

Step one: install OpenSSL

tar zxf openssl-0.9.8zh.tar.gz
cd openssl-0.9.8zh
./config enable-tlsext --prefix=/usr/local/openssl no-shared
make && make install_sw
# This does not affect the OpenSSL version installed by the system; the purpose of this build is to enable the TLS SNI feature

Step two: install HAProxy

tar zxf haproxy-1.5.15.tar.gz
cd haproxy-1.5.15
make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 ARCH=x86_64 PREFIX=/usr/local/haproxy1.5.15 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib ADDLIB=-ldl
make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 ARCH=x86_64 PREFIX=/usr/local/haproxy1.5.15 SSL_INC=/usr/local/openssl/include SSL_LIB=/usr/local/openssl/lib ADDLIB=-ldl install
# Remember to point SSL_INC and SSL_LIB at the OpenSSL built above; HAProxy has no ./config step

Step three: generate the certificates

[root@gz122haproxy95 ~]# mkdir ~/keys
[root@gz122haproxy95 ~]# cd ~/keys
[root@gz122haproxy95 keys]# openssl genrsa -out passport.abc.com.key 2048
[root@gz122haproxy95 keys]# openssl req -new -key passport.abc.com.key -out passport.abc.com.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: CN # Country
State or Province Name (full name) [Berkshire]: GuangDong # State or province
Locality Name (eg, city) [Newbury]: ShenZhen # City
Organization Name (eg, company) [My Company Ltd]: Test.Inc # Company name
Organizational Unit Name (eg, section) []: passport.abc.com # Organizational unit
Common Name (eg, your name or your server's hostname) []: passport.abc.com # Domain name
Email Address []: passport@abc.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@gz122haproxy95 keys]# openssl x509 -req -days 3650 -in passport.abc.com.csr -signkey passport.abc.com.key -out passport.abc.com.crt
[root@gz122haproxy95 keys]# cat passport.abc.com.crt passport.abc.com.key | tee passport.abc.com.pem

Generate the certificate files for www.test.com and admin.abc.com in the same way, one after the other. Each site ends up with its own .pem file, which contains the certificate followed by the private key.

Configure HAProxy:

frontend http_server
        bind :80
        bind :443 ssl crt /etc/haproxy/keys/www.test.com.pem crt /etc/haproxy/keys/admin.test.com.pem crt /etc/haproxy/keys/passport.abc.com.pem
        # For more sites, follow the same pattern: bind :443 ssl crt $filepath crt $file2path crt $file3path

        mode http

        acl ssl hdr_reg(host) -i ^(www\.test\.com|admin\.test\.com|passport\.abc\.com)$
        redirect scheme https code 301 if !{ ssl_fc } ssl
        # Redirect plain-HTTP requests for the sites above to HTTPS

        # The pattern on the next line is cut off in the source; it is written here to match the SNI name used below
        acl wwwtest_com hdr_reg(host) -i ^www\.test\.com$
        use_backend www_test_com if wwwtest_com { ssl_fc_sni www.test.com }
        # This is where each site is tied to its certificate (Host header plus TLS SNI name), for example:
        acl admintest_com hdr_dom(host) -i admin.test.com
        use_backend admin_test_com if admintest_com { ssl_fc_sni admin.test.com }
        acl passportabc_com hdr_dom(host) -i passport.abc.com
        use_backend passport_abc_com if passportabc_com { ssl_fc_sni passport.abc.com }

backend www_test_com
        server test2 192.168.10.2:80 check port 80 inter 5000 rise 2 fall 3 weight 1
backend admin_test_com
        server test4 192.168.10.4:80 check port 80 inter 5000 rise 2 fall 3 weight 1
backend passport_abc_com
        server test5 192.168.10.5:80 check port 80 inter 5000 rise 2 fall 3 weight 1

With the configuration above, HAProxy serves a separate HTTPS certificate for each domain. Visit each site in turn and you will see that it is paired with its own certificate.
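
Step three repeated for every site without the interactive prompts, plus a check that each combined .pem is consistent before HAProxy loads it. This is an added example, not part of the original article; the function names, the CN-only subject and the owner-only file mode are choices made here.

```sh
#!/bin/sh
# Added example, not from the original article: step three without prompts.
set -eu

# make_pem DOMAIN DIR: the genrsa / req / x509 sequence from step three, then
# the combined cert+key file that the "crt" option on the bind line loads.
make_pem() {
    d=$1; dir=$2
    mkdir -p "$dir"
    (
        umask 077    # key and .pem are created readable by the owner only
        openssl genrsa -out "$dir/$d.key" 2048 2>/dev/null &&
        openssl req -new -key "$dir/$d.key" -subj "/CN=$d" -out "$dir/$d.csr" &&
        openssl x509 -req -days 3650 -in "$dir/$d.csr" \
            -signkey "$dir/$d.key" -out "$dir/$d.crt" 2>/dev/null &&
        cat "$dir/$d.crt" "$dir/$d.key" > "$dir/$d.pem"
    )
}

# check_pem FILE DOMAIN: succeeds only if the certificate and private key in
# FILE belong together, the subject CN is DOMAIN, and the mode is owner-only.
check_pem() {
    pem=$1; d=$2
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    subj=$(openssl x509 -in "$pem" -noout -subject) || return 1
    case $subj in *"CN=$d"|*"CN = $d") ;; *) return 1 ;; esac
    case $(ls -l "$pem") in -rw-------*|-r--------*) ;; *) return 1 ;; esac
}

# bind_line DIR DOMAIN...: print the frontend bind line with one crt per site.
bind_line() {
    dir=$1; shift
    line="bind :443 ssl"
    for d in "$@"; do line="$line crt $dir/$d.pem"; done
    printf '%s\n' "$line"
}

# Constructed demo: the article's three hostnames, written to a scratch dir.
demo() {
    out=${1:-$(mktemp -d)}
    for site in www.test.com admin.test.com passport.abc.com; do
        make_pem "$site" "$out" || return 1
        check_pem "$out/$site.pem" "$site" || return 1
    done
    bind_line /etc/haproxy/keys www.test.com admin.test.com passport.abc.com
}
if [ "${1:-}" = demo ]; then demo; fi
```

Against a running proxy, `openssl s_client -connect <proxy>:443 -servername www.test.com` shows which certificate HAProxy selected for that SNI name.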
     
         
         
         