-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhaproxy.cfg
More file actions
52 lines (47 loc) · 1.65 KB
/
haproxy.cfg
File metadata and controls
52 lines (47 loc) · 1.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
global
daemon
group haproxy
log 127.0.0.1 local0
maxconn 20000
pidfile /var/run/haproxy.pid
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM;
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin
tune.bufsize 32768
tune.maxrewrite 16384
tune.ssl.default-dh-param 2048
user haproxy
ssl-default-bind-options ssl-min-ver TLSv1.2
defaults
log global
maxconn 8000
option redispatch
retries 3
mode http
monitor-uri /ha_health
no option allbackups
option forwardfor
timeout connect 1m
timeout client 1m
timeout server 1m
balance roundrobin
frontend ft_allapps
bind 0.0.0.0:80
bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/cert.pem curves X25519:secp521r1:secp384r1:prime256v1 ciphers EECDH+AESGCM:EDH+AESGCM no-sslv3 no-tlsv10 no-tlsv11
redirect scheme https code 301 if !{ ssl_fc }
option httplog
option forwardfor
option http-server-close
option httpclose
http-response add-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
http-request redirect scheme https unless { ssl_fc }
http-response add-header X-Frame-Options DENY
http-request add-header X-Forwarded-Proto https
use_backend %[req.hdr(host),lower,map_dom(/usr/local/etc/haproxy/backend.map,domain1)]
# domain1.domain.com
backend domain1
cookie SERVERID insert indirect nocache
server catsapp-production 192.168.10.20:7777 check cookie catsapp-production verify none init-addr libc,none
# domain2.domain.com
backend domain2
server tigersapp-production 192.168.10.80:80 check verify none init-addr libc,none