panda
/
DEMO_Geobal


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
							global
	log /dev/log   local0
	log /dev/log   local1 notice
#	chroot /var/lib/haproxy
	stats timeout 30s
	user haproxy
	group haproxy
	daemon
	external-check
	insecure-fork-wanted

defaults
	log global
	option httplog
	option dontlognull
	option dontlog-normal
	timeout client 30s
	timeout server 30s
	timeout connect 5s
#	errorfile 400 /etc/haproxy/errors/400.http
#	errorfile 403 /etc/haproxy/errors/403.http
#	errorfile 408 /etc/haproxy/errors/408.http
#	errorfile 500 /etc/haproxy/errors/500.http
#	errorfile 502 /etc/haproxy/errors/502.http
#	errorfile 503 /etc/haproxy/errors/503.http
#	errorfile 504 /etc/haproxy/errors/504.http

resolvers mydns
	nameserver dns1 1.1.1.1:53
	nameserver dns2 8.8.8.8:53
	resolve_retries 3
	timeout resolve 1s
	timeout retry   1s
	hold other      10s
	hold refused    10s
	hold nx         10s
	hold timeout    10s
	hold valid      10s
	hold obsolete   10s


##########################################################################################
#FRONTENDS:
##########################################################################################

############## HTTP:

frontend ft_http
	mode http
	bind *:80       
	option httplog
	option forwardfor

	#ACL:
        acl geobaldemo-burdigone_http hdr_dom(host) -i geobaldemo.burdig.one

	#BACKENDS:
	use_backend bk_geobaldemo-burdigone_http if geobaldemo-burdigone_http


############ HTTPS_SNI:

frontend ft_https_sni_global
	bind *:443
	mode tcp

	acl geobaldemo-burdigone_https req.ssl_sni -i geobaldemo.burdig.one

	use_backend bk_geobaldemo-burdigone_https if geobaldemo-burdigone_https

	tcp-request inspect-delay 2s
	tcp-request content reject if !geobaldemo-burdigone_https


##########################################################################################
#BACKENDS:
##########################################################################################

backend bk_redirect_https
	mode http
	redirect scheme https if !{ ssl_fc }

backend bk_geobaldemo-burdigone_https
	mode tcp
	server srv-geobaldemo-burdigone_https 127.0.0.1:10443 check sni req.ssl_sni 

backend bk_geobaldemo-burdigone_http
	mode http
	server srv-geobaldemo-burdigone_http 127.0.0.1:8000 check

listen stats
	bind *:9000
	mode http
	stats enable
	stats uri /stats
	stats realm HAProxy\ Statistics
	stats refresh 20s
	stats show-node
	stats show-legends
	stats show-desc HAPROXY
	stats auth admin:Passw0rd
	stats admin if TRUE

#Hello!