[英]Haproxy acl rules is not working
I trying to configure haproxy-1.7.3 with HTTP2 support next acl rules: 我试图使用HTTP2支持的下一个ACL规则配置haproxy-1.7.3:
acl rule0 hdr_beg(host) -i i0.
acl rule02 ssl_fc_alpn -i h2 and hdr_beg(host) -i i0.
use_backend i02 if rule02
use_backend i0 if rule0
acl rule1 hdr_beg(host) -i i1.
acl rule12 ssl_fc_alpn -i h2 and hdr_beg(host) -i i1.
use_backend i12 if rule12
use_backend i1 if rule1
backend i0
server node1 192.168.40.51:5000 ssl verify none
backend i02
mode tcp
http-request add-header X-Forwarded-Proto https
server node1 192.168.40.51:5001 check send-proxy
backend i1
server node1 192.168.40.23:5000 ssl verify none
backend i12
mode tcp
http-request add-header X-Forwarded-Proto https
server node1 192.168.40.23:5001 check send-proxy
I want all requests for subdomain i0. 我想要对子域i0的所有请求。 forward to i0.myserver.com and all requests for for subdomain i1. 转发到i0.myserver.com以及对子域i1的所有请求。 forward to i1.myserver.com with HTTP2 support. 使用HTTP2支持转发到i1.myserver.com。 But in my case all requests always forward to i0.myserver.com. 但就我而言,所有请求始终转发到i0.myserver.com。 What is wrong with this acl rules? 此ACL规则有什么问题?
So, acl in tcp mode is not working for analyze headers. 因此,tcp模式下的acl不适用于分析标头。 And working config is below: 和工作配置如下:
acl rule02 ssl_fc_alpn -i h2
acl rule0 ssl_fc_sni -i i0.mydomian.com
use_backend i02 if rule02 rule0
use_backend i0 if rule0
acl rule12 ssl_fc_alpn -i h2
acl rule1 ssl_fc_sni -i i1.mydomain.com
use_backend i12 if rule12 rule1
use_backend i1 if rule1
Maybe it's will be useful for somebody. 也许对某人有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.