Zero's Blog - haproxy
https://l2dy.sourceforge.io/tag/haproxy/
Using HAProxy to reverse-proxy an https service as http
https://l2dy.sourceforge.io/2023/02/23/haproxy-https-to-http.html
2023-02-23T16:47:00+00:00
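HAProxy can reverse-proxy an https service as http, so that even when the service itself is hard to upgrade, it can still take advantage of more secure and efficient protocols such as TLS 1.3. Here is an example configuration; the 6 in server-template is the number of servers generated. Log output can be adjusted as needed.

global
  maxconn 10000
  log stderr format iso local7
  # Applies to "bind" lines only; it does not constrain the TLS version on "server" lines.
  ssl-default-bind-options ssl-min-ver TLSv1.3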
defaults
  timeout connect 100ms
  timeout client 30s
  timeout server 30s
  mode http
  maxconn 2000
frontend healthz
  bind *:8402
  monitor-uri /healthz
frontend stats
  bind *:8404
  http-request use-service prometheus-exporter if { path /metrics }
  stats enable
  stats uri /
  stats refresh 5s
frontend http-in
  bind *:80
  log global
  option httplog
  use_backend proxy-%[req.hdr(host),lower]
  default_backend deny
resolvers defdns
  parse-resolv-conf
  accepted_payload_size 8192
  resolve_retries       3
  timeout resolve       1s
  timeout retry         2s
  hold other           1h
  hold refused         1h
  hold nx              1h
  hold timeout         1h
  hold valid           60s
  hold obsolete        30s
backend proxy-g.co
  balance roundrobin
  http-reuse always
  server-template web 6 g.co:443 ssl verify required ca-file /etc/pki/tls/cert.pem check-sni g.co sni req.hdr(host) check inter 16s fastinter 2s resolvers defdns init-addr none
backend deny
  http-request deny
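
A variant of the global, http-in and stats sections above, added here as an example and not part of the original post: it sets the minimum TLS version on the upstream (server) side, where this configuration actually uses TLS, and keeps the cleartext and stats listeners on loopback. The loopback addresses are assumptions that the legacy client and the metrics reader run on the same host as HAProxy.

```haproxy
global
  maxconn 10000
  log stderr format iso local7
  # Constrains TLS on "server" lines (HAProxy -> upstream).
  # ssl-default-bind-options only covers "bind" lines, and this
  # configuration has no TLS listener.
  ssl-default-server-options ssl-min-ver TLSv1.3

frontend stats
  # Assumption: the stats page and /metrics are only read locally.
  bind 127.0.0.1:8404
  http-request use-service prometheus-exporter if { path /metrics }
  stats enable
  stats uri /
  stats refresh 5s

frontend http-in
  # Assumption: the client that cannot speak modern TLS runs on this
  # host, so the cleartext hop never leaves the machine.
  bind 127.0.0.1:80
  log global
  option httplog
  # Unknown Host values have no matching backend and fall through to deny.
  use_backend proxy-%[req.hdr(host),lower]
  default_backend deny
```

With the server-side minimum set to TLSv1.3, an upstream that only offers older versions fails the handshake and its health checks mark the servers down, so confirm the upstream's supported versions before enforcing it.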