|
|
@@ -0,0 +1,102 @@
|
|
|
+global
|
|
|
+ log /dev/log local0
|
|
|
+ log /dev/log local1 notice
|
|
|
+# chroot /var/lib/haproxy
|
|
|
+ stats timeout 30s
|
|
|
+ user haproxy
|
|
|
+ group haproxy
|
|
|
+ daemon
|
|
|
+ external-check
|
|
|
+ insecure-fork-wanted
|
|
|
+
|
|
|
+defaults
|
|
|
+ log global
|
|
|
+ option httplog
|
|
|
+ option dontlognull
|
|
|
+ option dontlog-normal
|
|
|
+ timeout client 30s
|
|
|
+ timeout server 30s
|
|
|
+ timeout connect 5s
|
|
|
+# errorfile 400 /etc/haproxy/errors/400.http
|
|
|
+# errorfile 403 /etc/haproxy/errors/403.http
|
|
|
+# errorfile 408 /etc/haproxy/errors/408.http
|
|
|
+# errorfile 500 /etc/haproxy/errors/500.http
|
|
|
+# errorfile 502 /etc/haproxy/errors/502.http
|
|
|
+# errorfile 503 /etc/haproxy/errors/503.http
|
|
|
+# errorfile 504 /etc/haproxy/errors/504.http
|
|
|
+
|
|
|
+resolvers mydns
|
|
|
+ nameserver dns1 1.1.1.1:53
|
|
|
+ nameserver dns2 8.8.8.8:53
|
|
|
+ resolve_retries 3
|
|
|
+ timeout resolve 1s
|
|
|
+ timeout retry 1s
|
|
|
+ hold other 10s
|
|
|
+ hold refused 10s
|
|
|
+ hold nx 10s
|
|
|
+ hold timeout 10s
|
|
|
+ hold valid 10s
|
|
|
+ hold obsolete 10s
|
|
|
+
|
|
|
+
|
|
|
+##########################################################################################
|
|
|
+#FRONTENDS:
|
|
|
+##########################################################################################
|
|
|
+
|
|
|
+############## HTTP:
|
|
|
+
|
|
|
+frontend ft_http
|
|
|
+ mode http
|
|
|
+ bind *:80
|
|
|
+ option httplog
|
|
|
+ option forwardfor
|
|
|
+
|
|
|
+ #ACL:
|
|
|
+ acl geobaldemo-burdigone_http hdr_dom(host) -i geobaldemo.burdig.one
|
|
|
+
|
|
|
+ #BACKENDS:
|
|
|
+ use_backend bk_geobaldemo-burdigone_http if geobaldemo-burdigone_http
|
|
|
+
|
|
|
+
|
|
|
+############ HTTPS_SNI:
|
|
|
+
|
|
|
+frontend ft_https_sni_global
|
|
|
+ bind *:443
|
|
|
+ mode tcp
|
|
|
+
|
|
|
+ acl geobaldemo-burdigone_https req.ssl_sni -i geobaldemo.burdig.one
|
|
|
+
|
|
|
+ use_backend bk_geobaldemo-burdigone_https if geobaldemo-burdigone_https
|
|
|
+
|
|
|
+ tcp-request inspect-delay 2s
|
|
|
+ tcp-request content reject if !geobaldemo-burdigone_https
|
|
|
+
|
|
|
+
|
|
|
+##########################################################################################
|
|
|
+#BACKENDS:
|
|
|
+##########################################################################################
|
|
|
+
|
|
|
+backend bk_redirect_https
|
|
|
+ mode http
|
|
|
+ redirect scheme https if !{ ssl_fc }
|
|
|
+
|
|
|
+backend bk_geobaldemo-burdigone_https
|
|
|
+ mode tcp
|
|
|
+ server srv-geobaldemo-burdigone_https 127.0.0.1:443 check sni req.ssl_sni
|
|
|
+
|
|
|
+backend bk_geobaldemo-burdigone_http
|
|
|
+ mode http
|
|
|
+ server srv-geobaldemo-burdigone_http 127.0.0.1:80 check
|
|
|
+
|
|
|
+listen stats
|
|
|
+ bind *:9000
|
|
|
+ mode http
|
|
|
+ stats enable
|
|
|
+ stats uri /stats
|
|
|
+ stats realm HAProxy\ Statistics
|
|
|
+ stats refresh 20s
|
|
|
+ stats show-node
|
|
|
+ stats show-legends
|
|
|
+ stats show-desc HAPROXY
|
|
|
+ stats auth admin:Passw0rd
|
|
|
+ stats admin if TRUE
|
