[我错误地在stackoverflow上发布了这个问题]
在我的 debian buster 服务器上,我有一个完美运行的 haproxy (v1.8),我用它来管理我的网站的证书。
haproxy 监听 443 端口,并将请求传递给 varnish+apache 系统。
升级到 debian Bullseye 时,haproxy (v2.2) 服务不再启动,并且日志显示:
haproxy[46308]: [ALERT] 048/004148 (46308) : parsing [/etc/haproxy/haproxy.cfg:46] : The 'reqadd' directive is not supported anymore since HAProxy 2.1. Use 'http-r
equest add-header' instead.
负责此行为的 haproxy.cfg 行是
frontend https
# Bind 443 with the generated letsencrypt cert.
bind *:443 ssl crt /etc/letsencrypt/live/qumran2/haproxy.pem
# set x-forward to https
reqadd X-Forwarded-Proto:\ https <-----------|
# set X-SSL in case of ssl_fc <- explained below
http-request set-header X-SSL %[ssl_fc]
# Select a Challenge
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
# Use the challenge backend if the challenge is set
default_backend www-backend
我知道我必须换reqadd X-Forwarded-Proto:\ https行,但是怎么做?
文档说:
http-request add-header <name> <fmt> [ { if | unless } <condition> ]
This appends an HTTP header field whose name is specified in <name> and
whose value is defined by <fmt> which follows the log-format rules (see
Custom Log Format in section 8.2.4). This is particularly useful to pass
connection-specific information to the server (e.g. the client's SSL
certificate), or to combine several headers into one. This rule is not
final, so it is possible to add other similar rules. Note that header
addition is performed immediately, so one rule might reuse the resulting
header from a previous rule.
我不明白我应该如何写等价的http-request add-header......
我认为您可以使用:
正如这里所讨论的:
https://stackoverflow.com/questions/51928504/x-forwarded-proto-https-in-frontend-or-backend-haproxy