
HAProxy + Nodejs + SockJS + Express + SSL


I've got a server setup in NodeJS which looks like the picture below:

[image]

Now I want to do two things which seem to be possible with HAProxy:

  1. To only use one port no matter what server a client wants to access. I want to use the external port 8080 for all non-SSL traffic. (All SSL traffic should use the port 443)

  2. Enable SSL on the SockJS Server and the Express Server.

Please note that all my servers are running on the same instance on an Amazon EC2. So I want to internally route the traffic.

This is my haproxy.cfg so far:

defaults
    mode http
    # Set timeouts to your needs
    timeout client  10s
    timeout connect 10s
    timeout server  10s

frontend all 0.0.0.0:8080
    mode http
    timeout client 120s

    option forwardfor
    # Fake connection:close, required in this setup.
    option http-server-close
    option http-pretend-keepalive

    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats  path_beg /stats

    use_backend sockjs if is_sockjs
    use_backend stats if is_stats
    default_backend express


backend sockjs
    # Load-balance according to hash created from first two
    # directories in url path. For example requests going to /1/
    # should be handled by single server (assuming resource prefix is
    # one-level deep, like "/echo").
    balance uri depth 2
    timeout server  120s
    server srv_sockjs1 127.0.0.1:8081

backend express
    balance roundrobin
    server srv_static 127.0.0.1:8008

backend stats
    stats uri /stats
    stats enable

Can't figure out how to route the SSL and the traffic to the TCP Server (8080 internal port).

Any ideas?

Your setup is kinda hard to understand (for me). If I understand your goals correctly, you want to serve your web service through SSL, hence port 443. And from 443, connect to port 8080 (internally). If that is the case then the following configuration might be what you are looking for. It does not really use port 8080 but instead it connects directly to your express backend. You don't really need to have port 8080 exposed (unless you have special reasons for doing so) because you can just use the backend servers directly inside the frontend section.

Note that this only works for HAProxy 1.5+. If you are using an older version of HAProxy, you should put something to tunnel the SSL connection before it reaches HAProxy (but I strongly suggest 1.5 because it makes your setup less complex).

frontend ssl
    bind *:443 ssl crt /path/to/cert.pem ca-file  /path/to/cert.pem
    timeout client 120s

    option forwardfor
    # Fake connection:close, required in this setup.
    option http-server-close
    option http-pretend-keepalive

    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats  path_beg /stats

    use_backend sockjs if is_sockjs
    use_backend stats if is_stats
    default_backend express
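
The answer's SSL frontend combined with the question's backends into one file, as an added example that is not part of the original question or answer. The frontend name `plain`, the `X-Forwarded-Proto` header, the `no-sslv3` default, serving `/stats` only over SSL, and the stats credentials are assumptions; the raw TCP server is left out.

```haproxy
# Added example; cert path and stats credentials are placeholders.
global
    # Assumption: refuse SSLv3 on every "bind ... ssl" line (HAProxy 1.5+).
    ssl-default-bind-options no-sslv3

defaults
    mode http
    timeout client  10s
    timeout connect 10s
    timeout server  10s

frontend plain
    bind *:8080
    timeout client 120s
    option forwardfor
    option http-server-close
    option http-pretend-keepalive
    acl is_sockjs path_beg /echo /broadcast /close
    use_backend sockjs if is_sockjs
    default_backend express

frontend ssl
    # TLS ends here; the backends below receive plain HTTP on loopback.
    bind *:443 ssl crt /path/to/cert.pem
    timeout client 120s
    option forwardfor
    option http-server-close
    option http-pretend-keepalive
    # Lets Express/SockJS know the client connection was HTTPS.
    http-request set-header X-Forwarded-Proto https
    acl is_sockjs path_beg /echo /broadcast /close
    acl is_stats  path_beg /stats
    use_backend sockjs if is_sockjs
    use_backend stats if is_stats
    default_backend express

backend sockjs
    balance uri depth 2
    timeout server 120s
    server srv_sockjs1 127.0.0.1:8081

backend express
    balance roundrobin
    server srv_static 127.0.0.1:8008

backend stats
    stats enable
    stats uri /stats
    # Routed from the ssl frontend only, so the password stays encrypted.
    stats auth admin:CHANGE_ME
```

Running `haproxy -c -f haproxy.cfg` validates the file before a reload.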
