I've been struggling for the last few days with setting up my application to use SSL. I generated a keystore with a self-signed certificate for my domain, but I'm not sure whether I should handle the redirect on the HAProxy side or in the app. My application.yml is as follows:
    server:
      port: 8080
      contextPath: /backend
      ssl:
        enabled: true
        key-store: /home/gftcv_keystore.jks
        key-store-password: password
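That is the application. I'm a bit confused about whether I should add a redirect from HTTP to HTTPS with a specific configuration bean, or whether I should use HAProxy for that purpose, since I'm already using it as a load balancer. Here is a sample of my conf file: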
    global

    defaults
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    resolvers docker
        nameserver dns *server_ip*
        resolve_retries 3
        timeout retry 1s
        hold valid 10s

    frontend http-in
        bind *:80
        use_backend backend-group if { path_beg -i /backend }
        use_backend frontend-group if { path_beg -i /frontend or path_beg -i /static }
        http-request set-path /backend if { path -i / }

    backend frontend-group
        reqrep ^([^\ ]*\ /)frontend[/]?(.*) \1\2
        server frontend-service frontend:3000 resolvers docker check

    backend backend-group
        redirect scheme https if !{ ssl_fc } # redirects HTTP requests to HTTPS
        server backend-server backend:8080 resolvers docker ssl verify required ca-file /home/gftcv_keystore.jks

    listen http-stats
        bind *:9090
        mode http
        stats enable
        stats refresh 15s
        stats uri /stats
        stats auth benchadm:benchpass
        stats realm Proxy\ Statistics
        stats admin if TRUE
QUESTION
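Do I need to use the same certificate in HAProxy as the one on the backend server that was imported with the keystore? From what I have read, HAProxy prefers the .pem certificate extension. Or should I let the application handle SSL and keep HAProxy out of the process? Thanks for your advice.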
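
For reference, one layout that covers both the redirect and the certificate-format question, as an added example that is not part of the original post: HAProxy terminates TLS and redirects in the frontend, then re-encrypts to the Spring Boot backend. The paths under /etc/haproxy/certs/ are placeholders, and the resolvers, frontend-group and stats sections from the post are left out for brevity.

```haproxy
# Added example, not the poster's configuration.
# Paths under /etc/haproxy/certs/ are placeholders.
global

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    # TLS terminates here. "crt" expects a single PEM file holding the
    # certificate followed by its private key; HAProxy cannot read a
    # JKS keystore.
    bind *:443 ssl crt /etc/haproxy/certs/site.pem
    # Redirect in the frontend, before any backend is selected. A redirect
    # on "!{ ssl_fc }" can only ever be satisfied if a TLS bind exists.
    http-request redirect scheme https code 301 unless { ssl_fc }
    use_backend backend-group if { path_beg -i /backend }

backend backend-group
    # Re-encrypt to the application, which keeps server.ssl.enabled: true.
    # "ca-file" is a PEM file of certificates HAProxy trusts when verifying
    # the backend. For a self-signed backend certificate that is the
    # certificate itself, exported without its private key.
    # The certificate presented to clients (crt above) and the one the
    # backend presents do not have to be the same.
    server backend-server backend:8080 ssl verify required ca-file /etc/haproxy/certs/backend-cert.pem
```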