Grav CMS System (4) Multiple Domain Sites in HAProxy and HTTPS

guichun 2018-11-14


https://www.jianshu.com/p/907eec663cf1

Free SSL Org: https://letsencrypt.org/

Tool to generate the keys: https://certbot.eff.org/

Install Certbot on CentOS

> sudo yum install certbot

Install Certbot on Ubuntu

> sudo apt-get update

> sudo apt-get install software-properties-common

> sudo add-apt-repository ppa:certbot/certbot

> sudo apt-get update

> sudo apt-get install certbot

Install that on Raspberry Pi

> wget https://dl.eff.org/certbot-auto

> sudo chmod a+x certbot-auto

> sudo mv certbot-auto /usr/local/bin/

Verify the installation

> certbot -h

Or

> certbot-auto -h

Set Up HAProxy to proxy to our NGINX PHP Grav Application on port 8081

https://seanmcgary.com/posts/haproxy---route-by-domain-name/

This configuration works with nginx, haproxy.conf

global
    maxconn 400

defaults
    mode http
    timeout connect 30000
    timeout client 50000
    timeout server 50000
    stats enable
    stats hide-version
    stats uri /stats
    # stats page credentials; replace admin:admin with a strong password
    stats auth admin:admin

frontend http-in
    bind :80
    default_backend grav-web

backend grav-web
    balance leastconn
    option httpclose
    cookie JSESSIONID prefix
    server grav-web1 192.168.1.108:8081 cookie A check

listen scrapyd
    bind *:6800
    mode tcp
    balance roundrobin
    server scrapyd1 192.168.1.108:6801 check
    server scrapyd2 192.168.1.108:6802 check

With Multiple Domains and ACLs

First of all, I start a static website on port 8082

Here is the configuration binding multiple nodes, haproxy.conf

global
    maxconn 400

defaults
    mode http
    timeout connect 30000
    timeout client 50000
    timeout server 50000
    stats enable
    stats hide-version
    stats uri /stats
    stats auth admin:admin

frontend http-in
    bind :80
    acl host_sillycathome hdr(host) -i sillycat.ddnshome.net
    acl host_sillycat hdr(host) -i sillycat.ddns.net
    acl host_kikokanghome hdr(host) -i kikokang.ddnshome.net
    acl host_kikokang hdr(host) -i kikokang.ddns.net
    use_backend grav-web if host_sillycathome
    use_backend grav-web if host_sillycat
    use_backend static-web if host_kikokanghome
    use_backend static-web if host_kikokang

backend grav-web
    balance leastconn
    option httpclose
    cookie JSESSIONID prefix
    server grav-web1 192.168.1.108:8081 cookie A check

backend static-web
    balance leastconn
    option httpclose
    cookie JSESSIONID prefix
    server static-web1 192.168.1.108:8082 cookie A check

listen scrapyd
    bind *:6800
    mode tcp
    balance roundrobin
    server scrapyd1 192.168.1.108:6801 check
    server scrapyd2 192.168.1.108:6802 check

Generate Keys

Webroot Mode

> sudo certbot-auto certonly --webroot -w /home/carl/work/[email protected]

If everything goes well, it will generate the keys here

Your certificate and chain have been saved at:

/etc/letsencrypt/live/kikokang.ddns.net/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/kikokang.ddns.net/privkey.pem

Standalone Mode

> sudo certbot-auto certonly --standalone -d sillycat.ddns.net --agree-tos --email luohuazju@gmail.com

Similarly, it saves

Your certificate and chain have been saved at:

/etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/sillycat.ddns.net/privkey.pem

According to the docs, the nginx configuration will be similar to

listen 443;

ssl on;

ssl_certificate /etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/sillycat.ddns.net/privkey.pem;

Configure HTTPS in HAProxy

https://www.ilanni.com/?p=10641

Merge the certificate files and keys for the 2 domains.

> cat kiko.pem kiko_key.pem | tee kikokangname.pem

> cat sillycat.pem sillycat_key.pem | tee sillycatname.pem
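
The merge step above, as an added example that is not part of the original post: a shell function that builds the combined PEM straight from a certbot live directory, refuses a certificate and key that do not belong together, and writes the result owner-readable only because it contains the private key. The function name build_haproxy_pem and its arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. build_haproxy_pem and its
# arguments are hypothetical names chosen for this illustration.
#
# Usage: build_haproxy_pem <live_dir> <out_file>
#   live_dir: a certbot directory such as /etc/letsencrypt/live/sillycat.ddns.net
#   out_file: the bundle HAProxy loads with "crt", e.g. conf/sillycatname.pem
build_haproxy_pem() {
    live_dir=$1
    out_file=$2
    cert="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Both inputs must exist and be non-empty.
    for f in "$cert" "$key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # The leaf certificate's public key must equal the one derived from the
    # private key; a mismatched bundle makes HAProxy fail at startup.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match in $live_dir" >&2
        return 1
    fi

    # Create the bundle with mode 0600 and move it into place atomically,
    # so the key is never group/world readable and never half-written.
    tmp="$out_file.tmp.$$"
    ( umask 077 && cat "$cert" "$key" > "$tmp" ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out_file"
}
```

Unlike the tee form, this does not echo the private key to the terminal.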

Exception in HAProxy

2018-11-14T06:06:46.233312600Z [ALERT] 317/060646 (8) : parsing [conf/haproxy.conf:24] : error detected in frontend 'webapp' while parsing redirect rule : error in condition : unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.

Solution:

When compiling, we need to enable SSL

https://stackoverflow.com/questions/25520526/centos-6-5-haproxy-fatal-error

> make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1

Here are the changes in the Dockerfile

ADD conf/kikokangname.pem /tool/haproxy-1.8.14/conf/
ADD conf/sillycatname.pem /tool/haproxy-1.8.14/conf/

#start the application
EXPOSE 6800
EXPOSE 80
EXPOSE 443

Here are the changes in the Makefile to expose more ports

run:
	docker run -d -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG)

debug:
	docker run -ti -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG) /bin/bash

Here is the HTTPS configuration in HAProxy in haproxy.conf

frontend webapp
    bind :80
    # one TLS listener carrying both certificates; HAProxy picks one by SNI
    bind :443 ssl crt /tool/haproxy-1.8.14/conf/sillycatname.pem crt /tool/haproxy-1.8.14/conf/kikokangname.pem
    acl host_sillycat hdr(host) -i sillycat.ddns.net
    acl host_kikokang hdr(host) -i kikokang.ddns.net
    # requests that did not arrive over TLS are redirected to https
    redirect scheme https if !{ ssl_fc }

Then we can visit the pages

https://sillycat.ddns.net

https://kikokang.ddns.net

References:

https://seanmcgary.com/posts/haproxy---route-by-domain-name/

http://seanmcgary.com/posts/using-sslhttps-with-haproxy/

https://www.jianshu.com/p/907eec663cf1

http://blog.51cto.com/11538244/1912152
