Configuring HAProxy to support HTTPS and obtain the client IP address


global
    log         127.0.0.1 local0

    chroot      /var/lib/haproxy        #chroot directory
    pidfile     /var/run/haproxy.pid    #haproxy process PID file
    maxconn     65535                   #default maximum connections; mind the ulimit -n limit
    user        haproxy
    group       haproxy
    daemon                              #run haproxy in the background

    ssl-default-bind-ciphers TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    ssl-default-bind-options no-sslv3 no-tls-tickets

    tune.ssl.default-dh-param 2048
    ssl-server-verify none              #backend server certificates are not verified
    stats socket /var/lib/haproxy/stats

defaults
    option forwardfor                   #add an X-Forwarded-For header carrying the client IP
    option httpclose
    option dontlognull                  #do not log health-check records
    option redispatch                   #when the server a serverId maps to goes down, force redirection to another healthy server; will not be supported in the future
    retries 3                           #retry a failed connection up to 3 times before the server is treated as unavailable; can also be set further down
    timeout connect 10s                 #connect timeout
    timeout client 50s                  #client timeout
    timeout server 50s                  #server timeout
    maxconn 65535                       #default maximum connections; mind the ulimit -n limit

########statistics page configuration########
listen admin_stats
    bind 0.0.0.0:5000                   #combined frontend and backend; name of the monitoring group, customize as needed
    mode http                           #HTTP layer-7 mode
    stats refresh 30s                   #auto-refresh interval of the statistics page
    stats uri /haproxy                  #statistics page URL
    stats realm Cloud\Haproxy           #prompt text shown in the statistics page password box
    stats auth admin:admin              #user and password for the statistics page (admin here); multiple users can be set
    stats hide-version                  #hide the HAProxy version on the statistics page
    stats admin if TRUE                 #allow manually enabling/disabling backend servers (haproxy 1.4.9 and later)

########frontend configuration##############
########backend configuration##############
listen http_80
    bind 0.0.0.0:80
    mode http
    balance leastconn
    log global
    log-format "%Tl",%{+Q}ci,"%fi:%fp",%{+Q}bi,%{+Q}r,%ST,%B,%{+Q}hr,%Tt
    option httpclose
    option forwardfor
    option http-server-close
    capture request header Host len 255
    capture request header User-Agent len 255
    capture request header Referer len 255
    capture request header Cookie len 255
    timeout http-request 50s
    timeout http-keep-alive 55s
    server http_80_web1_80 192.168.6.15:80 cookie web1_80 weight 10 check inter 3000 rise 3 fall 5
    server http_80_web2_80 192.168.6.16:80 cookie web2_80 weight 10 check inter 3000 rise 3 fall 5
    acl ericdress_com hdr(host) -m str ericdress.com
    redirect prefix http://www.ericdress.com code 301 if ericdress_com

########tcp configuration#################
listen https_443
    bind *:443 ssl crt /etc/ssl/certs/eric.pem   #set the location of the certificate file
    mode http
    option httpclose
    option forwardfor
    reqadd X-Forwarded-Proto:\ https             #add an HTTP header
    capture request header Host len 255
    capture request header User-Agent len 255
    capture request header Referer len 255
    capture request header Cookie len 255
    timeout http-request 50s
    timeout http-keep-alive 55s
    server http_443_web1_443 192.168.6.15:443 ssl cookie web1_443 weight 10 check inter 3000 rise 3 fall 5
    server http_443_web2_443 192.168.6.16:443 ssl cookie web2_443 weight 10 check inter 3000 rise 3 fall 5
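
`option forwardfor` makes HAProxy append an X-Forwarded-For header with the client address after any copy the client sent itself, so a backend should read the last entry, and only on connections that come from HAProxy. The Python below is an added example, not part of the original configuration; the HAProxy address 192.0.2.10, the sample requests and the function name `client_ip` are assumptions.

```python
import ipaddress

# Assumption: the address HAProxy uses to reach the backends (constructed placeholder).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}


def client_ip(peer_addr, xff_values, trusted=TRUSTED_PROXIES):
    """Return the client IP a backend should log or rate-limit on.

    peer_addr  -- source address of the TCP connection to the backend
    xff_values -- every X-Forwarded-For header line, in the order received
    """
    peer = ipaddress.ip_address(peer_addr)
    # A connection that did not come from HAProxy cannot vouch for any
    # header it carries: use the socket address.
    if peer not in trusted:
        return str(peer)
    # Flatten "a, b" lists and repeated header lines into one hop list.
    hops = [h.strip() for line in xff_values for h in line.split(",") if h.strip()]
    # Walk from the right: the rightmost entry is the one HAProxy appended.
    # Entries that are themselves trusted proxies are skipped (chained proxies).
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer address
        if addr not in trusted:
            return str(addr)
    return str(peer)


# Constructed samples: (peer address, X-Forwarded-For lines as received).
SAMPLES = [
    ("192.0.2.10", ["203.0.113.7"]),                           # normal request via HAProxy
    ("192.0.2.10", ["10.0.0.1, 127.0.0.1", "198.51.100.23"]),  # client supplied its own header
    ("198.51.100.99", ["127.0.0.1"]),                          # connection that bypassed HAProxy
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, xff, "->", client_ip(peer, xff))
```
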

 http://www.haproxy.com/doc/aloha/7.0/haproxy/tls.html

