-
Notifications
You must be signed in to change notification settings - Fork 42
/
Copy pathhaproxy.cfg
57 lines (46 loc) · 1.48 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
global
#debug
chroot /var/lib/haproxy
user haproxy
group haproxy
pidfile /var/run/haproxy.pid
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
ssl-default-bind-options ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
spread-checks 4
tune.maxrewrite 1024
tune.ssl.default-dh-param 2048
defaults
mode http
balance roundrobin
option dontlognull
option dontlog-normal
option redispatch
maxconn 5000
timeout connect 5s
timeout client 20s
timeout server 20s
timeout queue 30s
timeout http-request 5s
timeout http-keep-alive 15s
frontend http-in
bind *:80
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
http-request add-header X-Forwarded-Proto https
stats enable
stats refresh 30s
#stats hide-version
stats realm Strictly\ Private
stats auth admin:admin
stats uri /admin?stats
default_backend nodes-http
frontend https-in
mode tcp
bind *:443 ssl crt /etc/ssl/private/dummy.pem alpn h2,http/1.1
use_backend nodes-http if { ssl_fc_alpn -i h2 }
default_backend nodes-http
backend nodes-http
server node1 web.server:80 check