Last active
February 3, 2019 23:53
# Rate-tracking storage. These backends carry no servers; each one exists only
# to hold a stick table keyed by client address. Every table keeps up to 1m
# entries, drops an entry after 10 minutes without updates, and stores the
# HTTP request rate measured over a 10-minute window.
#
# 'type ip' stores IPv4 addresses; switch to 'type ipv6' if the listener that
# feeds these tables also accepts IPv6 clients.

# All requests, regardless of path.
backend st_src_global
    stick-table type ip size 1m expire 10m store http_req_rate(10m)

# Requests whose path begins with /login.
backend st_src_login
    stick-table type ip size 1m expire 10m store http_req_rate(10m)

# Requests whose path begins with /api.
backend st_src_api
    stick-table type ip size 1m expire 10m store http_req_rate(10m)
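frontend fe_main
    # Plain HTTP on every IPv4 address.
    # NOTE(review): /login is handled on this listener, so credentials cross
    # the wire unencrypted unless TLS is terminated in front of it - confirm.
    bind *:80

    # sc0: every request counts toward the client's overall rate.
    http-request track-sc0 src table st_src_global

    # sc1: a second, path-specific counter. A request path begins with either
    # /login or /api, never both, so the two rules can share sc1.
    # Each rule must stay on one line: HAProxy has no line-continuation
    # syntax, and the wrap arrow from the printed listing is not valid config.
    http-request track-sc1 src table st_src_login if { path_beg /login }
    http-request track-sc1 src table st_src_api if { path_beg /api }

    # These rules only record rates; nothing in this section rejects traffic.
    # Enforcement needs a separate 'http-request deny' rule that compares the
    # tracked rate (e.g. sc_http_req_rate) against a threshold.
    #
    # 'src' is the TCP peer address. Behind a CDN or another proxy every
    # client shares that address, so the counters would then describe the
    # intermediary rather than the end user.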
# Separate example file: a minimal reverse proxy with one plain-HTTP listener
# and one backend server.

frontend fe_main
    # Listen on port 80 (no TLS) and hand everything to be_main.
    bind :80
    default_backend be_main

backend be_main
    balance roundrobin
    # 'check' enables health checks, so a dead server is taken out of rotation.
    server srv1 127.0.0.1:8080 check
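# Separate example file: API gateway that validates OAuth 2 bearer tokens
# (JWT) in a Lua action before forwarding to the API servers.

global
    log /dev/log local0

    # 'debug' is disabled. Debug mode dumps every exchange to stdout, which
    # on this gateway includes the Authorization header and therefore live
    # bearer tokens. Enable it only for a short local troubleshooting session.
    # debug

    # Applies to TLS 1.2 and below; TLS 1.3 suites are configured separately
    # (ssl-default-bind-ciphersuites) where the build supports it.
    # NOTE(review): this list still admits CBC-mode and static-RSA key
    # exchange suites (RSA+AES, DH+AES), which lack AEAD and forward secrecy
    # respectively. Trim it to the ECDH/DH + AESGCM entries if the client
    # base allows.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996); require 1.2 or newer.
    ssl-default-bind-options ssl-min-ver TLSv1.2

    # Drop privileges and confine the process after startup.
    chroot /var/lib/haproxy
    user haproxy
    group haproxy

    # Lua action that verifies the JWT; registered as 'lua.jwtverify'.
    lua-load /usr/local/share/lua/5.3/jwtverify.lua

    # Settings passed to the Lua script through the environment (presumably
    # the public key used to check the token signature, plus the issuer and
    # audience values the token must carry - confirm against jwtverify.lua).
    # Only the public key belongs here; the signing key never leaves the
    # identity provider.
    setenv OAUTH_PUBKEY_PATH /usr/local/etc/haproxy/pem/pubkey.pem
    setenv OAUTH_ISSUER https://nickram44.auth0.com/
    setenv OAUTH_AUDIENCE https://api.mywebsite.com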
defaults
    # Layer-7 proxying with HTTP-format access logs sent to the global target.
    mode http
    log global
    option httplog

    # Wait for the request body before evaluating http-request rules, so the
    # rules (and the Lua action) see a complete request.
    option http-buffer-request

    # Connection and inactivity limits. No 'timeout http-request' is set, so
    # a slowly delivered request is bounded only by the client timeout.
    timeout connect 10s
    timeout client 30s
    timeout server 30s
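frontend api_gateway
    # TLS listener. The ALPN token for HTTP/1.1 is 'http/1.1'; the previous
    # 'http1.1' is not a registered protocol ID, so clients that do not
    # speak h2 had nothing to negotiate.
    bind :443 ssl crt /usr/local/etc/haproxy/pem/test.com.pem alpn h2,http/1.1
    default_backend apiservers

    # 1. Reject requests that carry no Authorization header at all.
    http-request deny if { req.hdr_cnt(authorization) le 0 }

    # 2. Run the Lua verifier. It is expected to set req.authorized and
    #    req.oauth_scopes (the script itself is not shown here).
    http-request lua.jwtverify

    # 3. Fail closed: anything the verifier did not mark as authorized is
    #    denied, including the case where the variable was never set.
    http-request deny if ! { var(req.authorized) eq 1 }

    # 4. Per-route scope checks.
    # NOTE(review): '-m sub' is a substring match, so a longer scope name
    # that merely contains 'read:hamsters' or 'write:hamsters' also passes.
    # Match whole scope tokens (in the Lua script or with a delimiter-aware
    # pattern) if such scope names can exist at the issuer.
    # NOTE(review): these rules enumerate methods. A method not listed here
    # (PATCH, HEAD, ...) skips the scope check and reaches the backend with
    # only a valid token; confirm the API rejects those, or invert the rule
    # so that every non-GET method requires the write scope.
    http-request deny if { path_beg /api/hamsters } { method GET } ! { var(req.oauth_scopes) -m sub read:hamsters }
    http-request deny if { path_beg /api/hamsters } { method POST PUT DELETE } ! { var(req.oauth_scopes) -m sub write:hamsters }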
backend apiservers
    balance roundrobin
    # Single API server on loopback, reached over plain HTTP. No 'check'
    # keyword, so HAProxy does not health-check it.
    server server1 127.0.0.1:8080