ssl - Hurdles in Migrating from nginx to haproxy? -
i use haproxy loadbalancing , behind haproxy nginx provides ssl termination me. since haproxy supports ssl termination, want rid of nginx layer. question is, how easy migrate configuration nginx holds(like below) haproxy , possible(as far know, is)?. understand pros , cons of haproxy , nginx, , hence have taken decision. please point me out guide, explains or useful insight appreciated. blogs have found on internet scratches topic indirectly. main concern not go same infrastructure setup(i.e., haproxy , nginx) have, realize later haproxy not support configuration nginx supports(the configuration below).
server { listen 10.0.9.74:8443 ssl; listen 10.0.9.74:8080; server_name example.com abc.xyz.de *.abc.xyz.de; ssl_certificate /etc/ssl/certs/xyz.de.crt; ssl_certificate_key /etc/ssl/private/xyz.de.key; ssl_protocols sslv3 tlsv1 tlsv1.1 tlsv1.2; #ssl_ciphers rc4:high:!anull:!md5; ssl_ciphers eecdh+ecdsa+aesgcm:eecdh+arsa+aesgcm:eecdh+ecdsa+sha384:eecdh+ecdsa+sha256:eecdh+arsa+sha384:eecdh+arsa+sha256:eecdh+arsa+rc4:eecdh:edh+arsa:!anull:!enull:!low:!3des:!md5:!exp:!psk:!srp:!dss:+rc4:rc4; ssl_prefer_server_ciphers on; ssl_session_cache shared:ssl:1m; ssl_session_timeout 1m; location / { proxy_pass http://haproxy; proxy_redirect off; proxy_connect_timeout 300; proxy_http_version 1.1; proxy_set_header connection ""; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header x-forwarded-proto https; proxy_set_header x-forwarded-ssl on; client_max_body_size 100m; client_body_buffer_size 128k; charset utf-8; } include /etc/nginx/snicloudssl.conf; }
Comments
Post a Comment