42 lines
1.2 KiB
INI
42 lines
1.2 KiB
INI
# 01-07 HAProxy - 3.4 HTTPS 健康检查(443 应用层,HAProxy 终结 TLS,由 HAProxy 提供证书)
|
||
# frontend 需 bind *:443 ssl,backend mode http 连 K3s:443 做 HTTP over TLS 检查
|
||
# 将 your-ingress.example.com 改为实际 Host;将 /etc/ssl/haproxy.pem 改为实际证书路径
|
||
# 自签/内网 CA 用 verify none,生产建议 ca-file
|
||
# 文档:docs/01-07-openwrt-haproxy.md 第 3.4 节
|
||
global
|
||
log /dev/log local0
|
||
maxconn 4096
|
||
|
||
defaults
|
||
mode http
|
||
option httplog
|
||
timeout connect 5s
|
||
timeout client 30s
|
||
timeout server 30s
|
||
|
||
frontend http_in
|
||
bind *:18080
|
||
default_backend k3s_http
|
||
|
||
frontend https_in
|
||
bind *:18443 ssl crt /etc/ssl/haproxy.pem
|
||
mode http
|
||
default_backend k3s_https
|
||
|
||
backend k3s_http
|
||
balance roundrobin
|
||
server ylc61 192.168.2.61:80 check
|
||
server ylc62 192.168.2.62:80 check
|
||
server ylc63 192.168.2.63:80 check
|
||
server ylc64 192.168.2.64:80 check
|
||
|
||
backend k3s_https
|
||
mode http
|
||
option httpchk GET / HTTP/1.1\r\nHost:\ your-ingress.example.com
|
||
default-server ssl verify none
|
||
balance roundrobin
|
||
server ylc61 192.168.2.61:443 check
|
||
server ylc62 192.168.2.62:443 check
|
||
server ylc63 192.168.2.63:443 check
|
||
server ylc64 192.168.2.64:443 check
|