Add option for HAproxy to act as an SSL frontend termination point for loadbalanced RGW instances.

Signed-off-by: Stanley Lam <stanleylam_604@hotmail.com>
(cherry picked from commit ad7a5dad3f)
pull/5038/head
Stanley Lam 2019-11-21 14:40:51 -08:00 committed by Dimitri Savineau
parent 5c3ba0787c
commit 0336a1476f
3 changed files with 31 additions and 1 deletions


@ -14,6 +14,17 @@ dummy:
########### ###########
#haproxy_frontend_port: 80 #haproxy_frontend_port: 80
#haproxy_frontend_ssl_port: 443
#haproxy_frontend_ssl_certificate:
#haproxy_ssl_dh_param: 4096
#haproxy_ssl_ciphers:
# - EECDH+AESGCM
# - EDH+AESGCM
#haproxy_ssl_options:
# - no-sslv3
# - no-tlsv10
# - no-tlsv11
# - no-tls-tickets
# #
#virtual_ips: #virtual_ips:
# - 192.168.238.250 # - 192.168.238.250


@ -6,6 +6,17 @@
########### ###########
haproxy_frontend_port: 80 haproxy_frontend_port: 80
haproxy_frontend_ssl_port: 443
haproxy_frontend_ssl_certificate:
haproxy_ssl_dh_param: 4096
haproxy_ssl_ciphers:
- EECDH+AESGCM
- EDH+AESGCM
haproxy_ssl_options:
- no-sslv3
- no-tlsv10
- no-tlsv11
- no-tls-tickets
# #
#virtual_ips: #virtual_ips:
# - 192.168.238.250 # - 192.168.238.250
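Review bot: `haproxy_frontend_ssl_certificate:` is added as a bare key with no comment, so a reader cannot tell what value it expects or that leaving it empty keeps the frontend on plain HTTP. The template passes it straight to `bind ... ssl crt`, so HAProxy will expect a path on the load balancer host to a PEM file holding both the certificate chain and the private key. I would add a comment above it such as `# Path to a PEM file (certificate chain + private key) on the loadbalancer host; leave empty to serve plain HTTP on haproxy_frontend_port`, and mention that the file should be readable only by root or the haproxy user. The list rendered into `ssl-default-bind-ciphers` applies to TLS 1.2 and below; if the deployed HAProxy and OpenSSL negotiate TLS 1.3, those suites are set separately through `ssl-default-bind-ciphersuites`, which deserves a one-line comment next to `haproxy_ssl_ciphers`.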


@ -9,7 +9,11 @@ global
group haproxy group haproxy
daemon daemon
stats socket /var/lib/haproxy/stats stats socket /var/lib/haproxy/stats
{%- if haproxy_frontend_ssl_certificate %}
tune.ssl.default-dh-param {{ haproxy_ssl_dh_param }}
ssl-default-bind-ciphers {{ haproxy_ssl_ciphers | join(':') }}
ssl-default-bind-options {{ haproxy_ssl_options | join(' ') }}
{% endif %}
defaults defaults
mode http mode http
log global log global
@ -29,7 +33,11 @@ defaults
maxconn 8000 maxconn 8000
frontend rgw-frontend frontend rgw-frontend
{% if haproxy_frontend_ssl_certificate %}
bind *:{{ haproxy_frontend_ssl_port }} ssl crt {{ haproxy_frontend_ssl_certificate }}
{% else %}
bind *:{{ haproxy_frontend_port }} bind *:{{ haproxy_frontend_port }}
{% endif %}
default_backend rgw-backend default_backend rgw-backend
backend rgw-backend backend rgw-backend
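Review bot: The opening tag in the global section is written `{%- if haproxy_frontend_ssl_certificate %}`, while the frontend hunk uses a plain `{% if ... %}`; the leading `-` strips the newline that ends the `stats socket` line. If the template is rendered with trim_blocks enabled (the usual default for Ansible templates, which this page does not confirm), `tune.ssl.default-dh-param` may land on the same line as `stats socket` and be parsed as socket parameters. I would use `{% if haproxy_frontend_ssl_certificate %}` here too, and check a rendered file with the certificate set using `haproxy -c -f <rendered cfg>`. Separately, `ssl-default-bind-ciphers {{ haproxy_ssl_ciphers | join(':') }}` renders a directive with no value if the list is overridden as empty, so a comment that both lists must be non-empty would help.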