haproxy.cfg
#-----
# Configuration for use with OpenShift
#-----
#-----
# Global configuration
#-----
global
# Process-wide settings: logging target, chroot, privilege drop, runtime socket
# and default TLS cipher policy.
# Log to the syslog listener on loopback, facility local2.
log 127.0.0.1 local2
# Confine the running process to this directory.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# Run as the unprivileged haproxy account rather than root.
user haproxy
group haproxy
daemon
# enable statistics
# NOTE(review): no `mode`, `user`/`group` or `level` is given for this socket,
# so its file permissions follow the process umask and it runs at HAProxy's
# default access level. Consider stating them explicitly so that only the
# intended local account can reach the runtime API.
stats socket /var/lib/haproxy/stats
# use system cryptographic policies
# NOTE(review): these two defaults only affect `bind ... ssl` and
# `server ... ssl` lines; no proxy in this file terminates or originates TLS,
# so they currently have nothing to apply to.
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#-----
# Defaults for frontends and backends
#-----
defaults
# Settings inherited by every proxy section that does not override them.
# The HTTP-specific options here (httplog, http-server-close, forwardfor) only
# take effect in proxies left in `mode http`; in this file that is the stats
# frontend, because every other frontend/backend switches to `mode tcp`.
mode http
log global
# Record each health-check state change in the log.
option log-health-checks
option httplog
# Do not log connections that carried no data (e.g. port probes).
option dontlognull
option http-server-close
# Add X-Forwarded-For to proxied HTTP requests, except those from loopback.
option forwardfor except 127.0.0.0/8
# On connection failure, allow a retry to go to a different server.
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
# NOTE(review): the TCP proxies inherit these 30s idle timeouts; long-lived,
# quiet connections through the API front end may be cut at that point.
# Confirm this is intended.
timeout client 30s
timeout server 30s
timeout http-keep-alive 10s
timeout check 10s
# Per-frontend connection cap (the global section sets the process-wide cap).
maxconn 3000
#-----
# DNS resolver querying
#-----
resolvers cluster-dns
# Runtime DNS resolver set, referenced by the `server-template` lines that
# carry `resolvers cluster-dns`.
# NOTE(review): the answers from this single nameserver decide which address
# the bootstrap server entries send traffic to, so it must be a trusted
# resolver. The address is hard-coded here rather than templated - confirm it
# matches the target environment.
nameserver dns1 192.168.200.1:53
#-----
# HAProxy status front end
#-----
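frontend stats
    # HAProxy status page. Inherits `mode http` from the defaults section, so it
    # is served over plain HTTP on every interface of this host.
    # NOTE(review): there is no `stats auth` and no source restriction, so any
    # client that can reach port 8404 can read backend node names and health
    # state. Restrict the bind address or firewall the port to the admin
    # network; if `stats auth` is added, put TLS on this bind as well, because
    # credentials would otherwise travel in cleartext.
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 10s
    # Keep the HAProxy version string off the report page.
    stats hide-version
    # Admin actions (enable/disable/drain servers) are offered only to requests
    # whose source address is loopback.
    stats admin if LOCALHOST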
#-----
# OpenShift public API front end
#-----
# Accepts connections on 6443 on every interface and relays them at TCP level
# to the backend of the same name. No TLS is terminated here, so client
# authentication is left entirely to the API servers behind it.
frontend openshift-api-server
bind *:6443
default_backend openshift-api-server
# Overrides the `mode http` inherited from defaults.
mode tcp
option tcplog
#-----
# OpenShift public API back end
#-----
# Server pool for the API front end: one bootstrap slot plus one entry per host
# in the `masters` template variable.
backend openshift-api-server
# Pin each client source address to the same server while it stays up.
balance source
mode tcp
# One templated server slot for the bootstrap node. `init-addr none` lets
# HAProxy start without an address for it; the address is filled in at runtime
# through the cluster-dns resolvers.
# NOTE(review): presumably this entry should be dropped once bootstrapping is
# finished - confirm against the deployment procedure.
server-template {{ bootstrap.hostname }} 1 {{ bootstrap.fqdn }}:6443 check resolvers cluster-dns init-addr none
# NOTE(review): `check` with no HTTP check configured is a TCP connect test, so
# a node is considered up as soon as the port accepts connections. These
# entries have no `resolvers`/`init-addr`, so the names must resolve when the
# configuration is loaded.
{% for host in masters %}
server {{ host.hostname }} {{ host.fqdn }}:6443 check
{% endfor %}
#-----
# OpenShift internal API front end
#-----
# Relays port 22623 at TCP level to the machine-config-server backend.
# NOTE(review): this endpoint is labelled internal, yet `bind *:22623` listens
# on every interface of the load balancer. The machine config server hands out
# node provisioning configuration, which should only be reachable from the
# cluster's own network; bind to the internal address or firewall the port so
# it is not exposed wherever this host is reachable.
frontend machine-config-server
bind *:22623
default_backend machine-config-server
# Overrides the `mode http` inherited from defaults.
mode tcp
option tcplog
#-----
# OpenShift internal API back end
#-----
# Server pool for port 22623: one bootstrap slot plus one entry per host in the
# `masters` template variable.
backend machine-config-server
# Pin each client source address to the same server while it stays up.
balance source
mode tcp
# Bootstrap slot: starts without an address (`init-addr none`) and is resolved
# at runtime through the cluster-dns resolvers.
server-template {{ bootstrap.hostname }} 1 {{ bootstrap.fqdn }}:22623 check resolvers cluster-dns init-addr none
# Health checking is a TCP connect test only (no HTTP check is configured).
{% for host in masters %}
server {{ host.hostname }} {{ host.fqdn }}:22623 check
{% endfor %}
#-----
# OpenShift HTTP ingress front end
#-----
# Relays port 80 at TCP level to the ingress-http backend. Because the proxy
# runs in `mode tcp`, the `option forwardfor` from defaults does not apply and
# no PROXY protocol is sent, so the servers see the load balancer's address as
# the client address.
frontend ingress-http
bind *:80
default_backend ingress-http
# Overrides the `mode http` inherited from defaults.
mode tcp
option tcplog
#-----
# OpenShift HTTP ingress back end
#-----
# Server pool for port 80: every host in `infras` followed by every host in
# `workers`.
backend ingress-http
# Pin each client source address to the same server while it stays up.
balance source
mode tcp
# Health checking is a TCP connect test; nodes not listening on port 80 are
# marked down and skipped.
# NOTE(review): assumes `infras` and `workers` do not share hostnames -
# duplicate server names within one backend are rejected by HAProxy.
{% for host in infras %}
server {{ host.hostname }} {{ host.fqdn }}:80 check
{% endfor %}
{% for host in workers %}
server {{ host.hostname }} {{ host.fqdn }}:80 check
{% endfor %}
#-----
# OpenShift HTTPS ingress front end
#-----
# Relays port 443 at TCP level to the ingress-https backend. TLS is not
# terminated here; certificates and cipher policy are whatever the servers
# behind this proxy present. The servers see the load balancer's address as
# the client address, since no PROXY protocol is sent.
frontend ingress-https
bind *:443
default_backend ingress-https
# Overrides the `mode http` inherited from defaults.
mode tcp
option tcplog
#-----
# OpenShift HTTPS ingress back end
#-----
# Server pool for port 443: every host in `infras` followed by every host in
# `workers`.
backend ingress-https
# Pin each client source address to the same server while it stays up.
balance source
mode tcp
# Health checking is a TCP connect test; nodes not listening on port 443 are
# marked down and skipped.
# NOTE(review): assumes `infras` and `workers` do not share hostnames -
# duplicate server names within one backend are rejected by HAProxy.
{% for host in infras %}
server {{ host.hostname }} {{ host.fqdn }}:443 check
{% endfor %}
{% for host in workers %}
server {{ host.hostname }} {{ host.fqdn }}:443 check
{% endfor %}