对于 HTTPS,请查看我最新的配置文件:
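global
#
# Upload to: /etc/haproxy/
#
# For these messages to end up in /var/log/haproxy.log you need to:
#
# 1) configure syslog to accept network log events. This is done by
#    adding the '-r' option to SYSLOGD_OPTIONS in /etc/sysconfig/syslog
#
# 2) configure local2 events to go to /var/log/haproxy.log. Add a line
#    like the following to /etc/sysconfig/syslog:
#
#    local2.* /var/log/haproxy.log
#
# NOTE(review): the 'log' directive below is still commented out, so the
# 'log global' in the defaults section inherits no log target and this
# instance writes no access or error logs at all. Uncomment it once syslog
# is set up, otherwise nothing is available for incident review.
# log 127.0.0.1 local2
# DH parameter size for the DHE-* suites in the cipher lists below
# (set once; the original file repeated this directive at the end of the
# section, which is harmless but confusing).
tune.ssl.default-dh-param 2048
# Defaults for every 'bind ... ssl' line. The listeners in the frontend also
# pass 'no-tlsv10' explicitly; consider adding it here so a future bind line
# cannot silently re-enable TLS 1.0.
ssl-default-bind-options no-sslv3 no-tls-tickets
# Client-facing cipher list. Ordering prefers ECDHE/DHE (forward secrecy),
# but the tail still admits static-RSA AES/CAMELLIA suites and DES-CBC3-SHA
# (3DES, which '!DES' does not exclude). Current hardening guides drop those;
# tighten once legacy clients no longer need them.
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# Same policy for outbound TLS to backend servers. No 'server' line in this
# file uses 'ssl', so these two directives are currently inert.
ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
# chroot is disabled here; the process runs unconfined in the host filesystem
# (as user haproxy, see below). Re-enable if the cert directory layout allows it.
# chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
# Process-wide connection cap; the defaults section caps each proxy at 3000.
maxconn 4000
# Drop privileges after binding the ports.
user haproxy
group haproxy
daemon
# Turn on the stats unix socket. No 'mode'/'user'/'level' is set, so access
# is governed only by the filesystem permissions of the socket path —
# NOTE(review): confirm those are restrictive, the socket can reconfigure servers.
stats socket /var/lib/haproxy/stats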
defaults
# Layer-7 proxying for every frontend/backend below.
mode http
# Inherit the log target from 'global' (none, while the global 'log' line is commented out).
log global
# Per-request HTTP log format instead of plain TCP connection logs.
option httplog
# Do not log connections that exchanged no data (e.g. monitoring probes).
option dontlognull
# Keep the client connection open but close the server side after each response.
option http-server-close
# option forwardfor except 127.0.0.0/8
# Add an X-Forwarded-For header carrying the client IP. HAProxy adds its own
# header rather than replacing any the client sent, so the backends should
# trust only the value this proxy appended, not an earlier client-supplied one.
option forwardfor
# If the server chosen by a persistence cookie is down, retry on another server.
option redispatch
retries 3
# Time allowed for the client to send a complete request (slowloris protection).
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
# Per-proxy cap; the global cap is 4000.
maxconn 3000
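frontend http-in
# Plain HTTP on IPv4 and IPv6; served only for redirects and ACME challenges.
bind *:80
bind :::80
# TLS on IPv4 and IPv6. 'crt' points at a directory, so every certificate
# bundle in it is loaded and selected by SNI. TLS 1.0 is disabled per listener.
bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3 no-tlsv10
bind :::443 ssl crt /etc/haproxy/certs/ no-sslv3 no-tlsv10
# ACME HTTP-01 challenges are answered by the local letsencrypt listener.
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend main_apache_sites
# Tell the backends which scheme the client used. 'set-header' (instead of
# the deprecated 'reqadd') also replaces any X-Forwarded-Proto the client
# sent itself, so an application cannot be fooled into treating a plaintext
# request as HTTPS.
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http unless { ssl_fc }
# Define the hosts. The www -> apex redirects point straight at https so
# the browser is not bounced through an extra plaintext hop first.
redirect prefix https://forum1domain.com code 301 if { hdr(host) -i www.forum1domain.com }
acl host_discourse hdr(host) -i forum1domain.com
redirect prefix https://forum2domain.com code 301 if { hdr(host) -i www.forum2domain.com }
acl host_discourse_2 hdr(host) -i forum2domain.com
redirect prefix https://forum3domain.com code 301 if { hdr(host) -i www.forum3domain.com }
acl host_discourse_3 hdr(host) -i forum3domain.com
# Redirect the sites to HTTPS. One rule covers every host (the original
# per-host 302 rule was a subset of this one and is dropped, so those hosts
# now get the 301 as well). The ACME challenge path is exempted: 'redirect'
# rules are evaluated before 'use_backend', so without the exemption the
# challenge request would be redirected to :443, which only works once a
# certificate already exists.
redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
# Decide which backend to use.
use_backend discourse_docker if host_discourse
use_backend discourse_docker_2 if host_discourse_2
use_backend discourse_docker_3 if host_discourse_3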
backend main_apache_sites
# Default backend: Apache on loopback; 'check' enables periodic health checks.
server server1 127.0.0.1:8080 cookie A check
# Stickiness by prefixing the application's JSESSIONID with the server id
# ("A~..."). With a single server there is nothing to stick between, so this
# only matters if more servers are added.
cookie JSESSIONID prefix nocache
backend discourse_docker
# Discourse container for forum1domain.com, published on loopback port 8888.
# The server name 'server2' is reused in the other discourse backends; names
# are scoped per backend so this is valid, but distinct names read better in logs/stats.
server server2 127.0.0.1:8888 cookie A check
# Sticky session cookie (single server, so currently a no-op for balancing).
cookie JSESSIONID prefix nocache
backend discourse_docker_2
# Discourse container for forum2domain.com, published on loopback port 8889.
server server2 127.0.0.1:8889 cookie A check
# Sticky session cookie (single server, so currently a no-op for balancing).
cookie JSESSIONID prefix nocache
backend discourse_docker_3
# Discourse container for forum3domain.com, published on loopback port 8890.
server server2 127.0.0.1:8890 cookie A check
# Sticky session cookie (single server, so currently a no-op for balancing).
cookie JSESSIONID prefix nocache
backend letsencrypt-backend
# Standalone ACME responder expected on loopback port 54321 (presumably only
# running during renewal — confirm). No 'check' here, so HAProxy will hand
# challenge requests to it even when it is not listening.
server letsencrypt 127.0.0.1:54321