haproxy配置ca证书

global

#log /dev/log local6
#log local7
#log 192.168.1.48:51405 local7
log 127.0.0.1 local0 info
maxconn 100000
#nbproc 16
#chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
stats socket /var/run/haproxy.stat mode 644
quiet

defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option forceclose
option forwardfor
option redispatch
option allbackups
option http-server-close
option log-health-checks
#option nolinger
#option splice-auto
#option tcpka
retries 3
balance roundrobin
maxconn 20000
timeout connect 10000
timeout client 50000
timeout server 50000
timeout check 10000

listen haproxy-statistics
bind 0.0.0.0:11180
stats enable
stats admin if TRUE
stats refresh 30s
stats hide-version
stats uri /status
stats realm Haproxy\ statistics
stats auth mrgaoyb:jusfoun

listen haproxy-monitoring
bind 0.0.0.0:11190
mode health
monitor-net 192.168.1.0/24
no option forceclose
no option httpclose
no option http-server-close

frontend http-in
bind *:80

acl www.aaa.com hdr_beg(host) -i www.aaa.com
redirect scheme https if { hdr(Host) -i www.aaa.com } !{ ssl_fc }
#use_backend www.aaa.com if www.aaa.com
#default_backend www.bbb.com

frontend https-in
bind *:443 ssl crt /opt/haproxy/ca/aaa.com.pem
acl www.aaa.com hdr_beg(host) -i www..aaa.com
use_backend www.aaa.com if www.aaa.com

backend www.aaa.com
option httpchk GET /do_not_delete/noc.gif HTTP/1.1\r\nHost:\ so.iautos.cn
server nginx 192.168.1.2:5555 #check inter 10000 rise 2 fall 3