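HAProxy SSL Proxy
HAProxy is a high-performance load balancer, but it can also be used as a reverse proxy or a tunnel-style proxy.
The configuration file is shown below. You can use an SSL offloading certificate or your own certificate.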
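
    # Plaintext listener: the client-to-proxy leg on port 143 is not encrypted;
    # only the proxy-to-backend leg uses TLS.
    frontend ft_imap
        bind *:143
        log global
        option tcplog
        mode tcp
        timeout client 1m
        default_backend bk_imaps

    # TLS listener: HAProxy terminates TLS with the combined cert+key PEM file.
    frontend ft_imaps
        bind *:993 ssl crt /etc/haproxy/server.pem
        log global
        option tcplog
        mode tcp
        timeout client 1m
        default_backend bk_imaps

    backend bk_imaps
        log global
        option tcplog
        mode tcp
        timeout server 1m
        timeout connect 7s
        # "ssl verify none" encrypts the connection to the backend but does not
        # validate the backend server's certificate.
        server imaps1 imap.126.com:993 ssl verify none
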
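The backend above uses `ssl verify none`, so the proxy encrypts the upstream leg but accepts whatever certificate the upstream presents. As an added example (not part of the original post), here is the same backend with certificate verification turned on; the CA bundle path is an assumption (the Debian/Ubuntu default) and must be adjusted to your system.

```haproxy
backend bk_imaps
    log global
    mode tcp
    timeout server 1m
    timeout connect 7s

    # Original line, kept for comparison: TLS without certificate validation.
    # server imaps1 imap.126.com:993 ssl verify none

    # Hardened line:
    #   verify required  - abort the handshake if the certificate chain is not trusted
    #   ca-file          - trust anchors used to validate the chain
    #                      (assumed path; e.g. /etc/pki/tls/certs/ca-bundle.crt on RHEL/CentOS)
    #   sni str(...)     - send the server name in the TLS ClientHello
    #   verifyhost       - require the certificate to match this hostname
    server imaps1 imap.126.com:993 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(imap.126.com) verifyhost imap.126.com
```

Run `haproxy -c -f <config file>` after the change to check that the configuration parses before reloading.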
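Note: the certificate file must contain both the public key (the certificate) and the private key in a single file. It can be generated with the following command, which simply concatenates the contents of the two files.

    cat server.crt server.key > server.includesprivatekey.pem
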
References:
- https://www.linuxbabe.com/mail-server/smtp-imap-proxy-with-haproxy-debian-ubuntu-centos
- https://sectigostore.com/blog/what-is-ssl-offloading-features-benefits-of-ssl-offloading/
- https://serverfault.com/questions/1036927/haproxy-ssl-termination-with-exception-for-a-specific-domain-wildcard-ssl-certi
- https://gist.github.com/ferdinandosimonetti/b2a36b3aee5b83bb4d67bf153f28bb64
- https://discourse.haproxy.org/t/http-frontend-with-https-backend/2056
- https://www.haproxy.com/blog/haproxy-ssl-termination/