I. Introduction

The examples in this article were run in the following environment:

  1. Operating system: CentOS Linux release 7
  2. haproxy version: haproxy-1.5

II. haproxy configuration

The haproxy.cfg configuration file:

global

    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    tcp
    log                     global
    #option                  httplog
    option                  dontlognull
    option http-server-close
    #option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


frontend ssl-in
        bind *:443
        mode tcp
        tcp-request inspect-delay 3s
        tcp-request content accept if { req.ssl_hello_type 1 }
        acl api req_ssl_sni -i v-api.stardustgod.com
        acl cf  req_ssl_sni -i d1k8g7qaebqd28.cloudfront.net
        use_backend api if api { req.ssl_hello_type 1 }
        use_backend cf  if cf  { req.ssl_hello_type 1 }


backend api
        balance roundrobin
        mode tcp
        option ssl-hello-chk
        server  cppla31-8887    v-api.stardustgod.com:443        check   maxconn 20480000


backend cf
        balance roundrobin
        mode tcp
        option ssl-hello-chk
        server  cppla31-7779    d1k8g7qaebqd28.cloudfront.net:443       check   maxconn 20480000
