-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhaproxy.cfg
112 lines (90 loc) · 2.81 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
global
# log /dev/log local0
# log /dev/log local1 notice
chroot /var/lib/haproxy
tune.ssl.default-dh-param 2048
user haproxy
group haproxy
daemon
defaults
#log global
mode http
#option httplog
#option dontlognull
retries 3
#option redispatch
option http-server-close
#does next line kill image post?
option http-pretend-keepalive
option forwardfor
maxconn 32
timeout connect 5000
timeout client 50000
timeout server 50000
# errorfile 400 /etc/haproxy/errors/400.http
# errorfile 403 /etc/haproxy/errors/403.http
# errorfile 408 /etc/haproxy/errors/408.http
# errorfile 500 /etc/haproxy/errors/500.http
# errorfile 502 /etc/haproxy/errors/502.http
# errorfile 503 /etc/haproxy/errors/503.http
# errorfile 504 /etc/haproxy/errors/504.http
# inspired by
# http://pastebin.com/4skE66SZ
frontend letsencrypt-in
bind *:443
mode tcp
default_backend be_letsencrypt
frontend xmpp-in
mode tcp
timeout client 3h
timeout server 3h
#enable sending keepalive
option clitcpka
bind *:5222
default_backend be_xmpp
frontend xmpp-in2
mode tcp
bind *:5322
default_backend be_xmpp2
frontend http-in
bind *:80
#bind *:443 ssl crt /etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM no-sslv3
#bind *:443 ssl crt /etc/haproxy/certs.d ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS no-sslv3
# bind *:443 ssl crt /etc/haproxy/certs.d ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS no-sslv3
##
acl is_huiswerk hdr(host) -i huiswerk.mobip.nl
acl is_plasterk hdr(host) -i plasterk.pump.ninja
acl is_adoring_booth hdr(host) -i adoring_booth.pump.ninja
acl HAS_SSL ssl_fc
#Tell backends that we actually using a secure connetion
reqadd X-Forwarded-Proto:\ https if HAS_SSL
# Secure whole subdomains
# redirect scheme https if !HAS_SSL is_vegas_mobip
# redirect scheme https if !HAS_SSL is_groen_mobip
# redirect scheme https if !HAS_SSL is_pump_kuopzi
# redirect scheme https if !HAS_SSL is_odoo
#Backend
use_backend be_plasterk if is_plasterk
use_backend be_adoring_booth if is_adoring_booth
default_backend be_def
backend be_def
#server server1 172.17.42.1:32779
server server1 172.17.0.5:80
# https to letsencrypt
backend be_letsencrypt
mode tcp
server server1 172.17.0.5:443
backend be_xmpp
mode tcp
timeout server 3h
option srvtcpka
server server1 172.17.0.4:5222
backend be_xmpp2
mode tcp
server server1 172.17.0.4:5322
backend be_huiswerk
server server1 127.0.0.1:8080
backend be_plasterk
server server1 172.17.0.3:80
backend be_adoring_booth
server server1 172.17.0.2:80