Haproxy Route Acme-tls/1

15 Januari 2021 • 1 menit untuk membaca artikel ini

HAProxy v2.2 punya req_ssl.alpn. Deskripsinya aku kutip dari dokumentasi:

Returns a string containing the values of the Application-Layer Protocol
Negotiation (ALPN) TLS extension (RFC7301), sent by the client within the SSL
ClientHello message. Note that this only applies to raw contents found in the
request buffer and not to the contents deciphered via an SSL data layer, so
this will not work with "bind" lines having the "ssl" option. This is useful
in ACL to make a routing decision based upon the ALPN preferences of a TLS
client, like in the example below. See also "ssl_fc_alpn".

Fitur tersebut sangat berguna ketika aku mau route validasi Let’s Encrypt pakai Challenge TLS-ALPN-01 ke endpoint tertentu.

Singkatnya, seperti ini caraku routing protokol acme-tls/1 dari Let’s encrypt

frontend tcp_443
        bind *:443
        mode tcp 
        option tcplog

        tcp-request inspect-delay 5s
        tcp-request content capture req.ssl_sni len 25
        tcp-request content accept if { req_ssl_hello_type 1 }
        
        #
        # route to traefik if req ssl_alpn is acme-tls/1
        # 
        use_backend traefikv1_acme if { req.ssl_alpn acme-tls/1 }

Penutup, aku tegaskan lagi catatan dari dokumentasi HAProxy: Note that this only applies to raw contents found in the request buffer and not to the contents deciphered via an SSL data layer, so this will not work with “bind” lines having the “ssl” option.

Techlinuxhaproxy

Sumarsono

System Administrator
Kembali ke atas

Setup Haproxy Dan Keepalived Di Debian 10>>

<<HAproxy Dynamic Responses