-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathhaproxy.cfg
More file actions
85 lines (67 loc) · 3 KB
/
haproxy.cfg
File metadata and controls
85 lines (67 loc) · 3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# -------------------------------------------------------------------------------------------------
# GLOBALS
# -------------------------------------------------------------------------------------------------
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
daemon
tune.ssl.default-dh-param 2048
# -------------------------------------------------------------------------------------------------
# DEFAULTS
# -------------------------------------------------------------------------------------------------
defaults
log global
retries 3
maxconn 2000
timeout connect 5s
timeout client 60s
timeout server 60s
option httplog
option dontlognull
option forwardfor
option http-server-close
# -------------------------------------------------------------------------------------------------
# FRONTEND HTTP
# -------------------------------------------------------------------------------------------------
frontend http-in
# Frontend Configuration
bind *:80
mode http
# [Request Header] X-Forwarded-Proto
reqadd X-Forwarded-Proto:\ http
# [Response Header] Via (if already set append, otherwise set initially)
acl h_via_exists res.hdr(Via) -m found
http-response replace-header Via (.*) "\1, %[res.ver] %[env(HOSTNAME)] (HAProxy/__VERSION__)" if h_via_exists
http-response set-header Via "%[res.ver] %[env(HOSTNAME)] (HAProxy/__VERSION__)" if !h_via_exists
# What backend to use
default_backend application
# -------------------------------------------------------------------------------------------------
# FRONTEND HTTPS
# -------------------------------------------------------------------------------------------------
frontend https-in
# Frontend Configuration
bind *:443 ssl crt /usr/local/etc/haproxy/ssl/ alpn h2,http/1.1
mode http
# [Request Header] X-Forwarded-Proto
reqadd X-Forwarded-Proto:\ https
# [Response Header] Via (if already set append, otherwise set initially)
acl h_via_exists res.hdr(Via) -m found
http-response replace-header Via (.*) "\1, %[res.ver] %[env(HOSTNAME)] (HAProxy/__VERSION__)" if h_via_exists
http-response set-header Via "%[res.ver] %[env(HOSTNAME)] (HAProxy/__VERSION__)" if !h_via_exists
# What backend to use
default_backend application
# -------------------------------------------------------------------------------------------------
# BACKEND
# -------------------------------------------------------------------------------------------------
backend application
mode http
balance leastconn
option forwardfor
cookie JSESSIONID prefix
# Set the real client IP (from browser) for hext hop (node1)
http-request set-header X-Client-IP %[src]
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
#http-request add-header Via2 1.1\ %[env(HOSTNAME)]
server node1 __BACKEND_ADDR__:__BACKEND_PORT__