Skip to content

Instantly share code, notes, and snippets.

@althunibat

althunibat/haproxy.cfg

Last active September 11, 2018 16:02
Show Gist options
  • Save althunibat/d8e32ea4524ee038a59adeb8a9d75e47 to your computer and use it in GitHub Desktop.
Save althunibat/d8e32ea4524ee038a59adeb8a9d75e47 to your computer and use it in GitHub Desktop.
Download ZIP
#HAProxy config for #docker_registry (SSL, HTTP/2, statistics, Healthcheck, ssl redirection)
Raw
haproxy.cfg
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
maxconn 5120
tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
timeout connect 5s
timeout client 5s
timeout server 5s
retries 3
#---------------------------------------------------------------------
# Listen registry
#---------------------------------------------------------------------
frontend registry
# we need to bind both to http and https
# because registry communication will fail
bind :80
bind :443 ssl crt /usr/local/etc/haproxy/registry.pem alpn h2,http/1.1
option forwardfor
http-request set-header X-Forwarded-Proto https if { ssl_fc }
redirect scheme https if !{ ssl_fc }
acl host_registry hdr(host) -i registry.mycompany.com
use_backend registry-cluster if host_registry
backend registry-cluster
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats uri /haproxy?stats
redirect scheme https if !{ ssl_fc }
balance roundrobin
server node1 registry-1:5000 check
server node2 registry-2:5000 check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment