-
Notifications
You must be signed in to change notification settings - Fork 1
/
sample-haproxy.conf
60 lines (51 loc) · 1.81 KB
/
sample-haproxy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
global
maxconn 1028
log local0
log local1 notice
# ca-base /etc/ssl/certs
# crt-base /etc/ssl/private
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
daemon
defaults
option forwardfor
log global
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
stats enable
stats uri /stats
stats realm Haproxy\ Statistics
stats auth {{ USER }}:{{ PASS }}
backend per_ip_rates
stick-table type ip size 1m expire 10m store http_req_rate(5s)
frontend http_in
bind *:80
mode http
http-request track-sc0 src table per_ip_rates
maxconn 2000000
option httplog
option http-server-close
option forwardfor
log global
log-format frontend:%f/%H/%fi:%fp\ client:%ci:%cp\ GMT:%T\ body:%[capture.req.hdr(0)]\ request:%r
reqadd X-Forwarded-Proto:\ http
acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/
acl letsencrypt_http_acl2 path_sub acme-challenge
redirect scheme https if !letsencrypt_http_acl
use_backend letsencrypt_http if letsencrypt_http_acl || letsencrypt_http_acl2
frontend https-in
bind *:443 ssl crt /usr/local/etc/haproxy/default.pem crt /usr/local/etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
reqadd X-Forwarded-Proto:\ https
mode http
use_backend sentry if { hdr_end(host) -i sentry.10d.ir }
backend letsencrypt_http
mode http
server letsencrypt_http_srv 127.0.0.1:8080
backend sentry
mode http
balance leastconn
option http-server-close
option forwardfor
option http-pretend-keepalive
server pm4-as-sentry {{ IP_ADDRESS }}:9000 check weight 1