-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhaproxy.cfg
46 lines (37 loc) · 1.21 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend web
bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/nevergreen.io.pem
# set x-forward to https
reqadd X-Forwarded-Proto:\ https
# set X-SSL in case of ssl_fc <- explained below
http-request set-header X-SSL %[ssl_fc]
acl host_staging hdr(host) -i staging.nevergreen.io
acl host_production hdr(host) -i nevergreen.io
# figure out which one to use
use_backend staging if host_staging
use_backend production if host_production
default_backend production
# add/remove headers for increased security
http-response del-header Server
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
backend production
server 1 localhost:3000
server 2 localhost:3001
backend staging
server 1 localhost:4000