Last active
September 11, 2018 16:02
-
-
Save althunibat/d8e32ea4524ee038a59adeb8a9d75e47 to your computer and use it in GitHub Desktop.
#HAProxy config for #docker_registry (SSL, HTTP/2, statistics, Healthcheck, ssl redirection)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#--------------------------------------------------------------------- | |
# Global settings | |
#--------------------------------------------------------------------- | |
global | |
maxconn 5120 | |
tune.ssl.default-dh-param 2048 | |
#--------------------------------------------------------------------- | |
# common defaults that all the 'listen' and 'backend' sections will | |
# use if not designated in their block | |
#--------------------------------------------------------------------- | |
defaults | |
mode http | |
log global | |
timeout connect 5s | |
timeout client 5s | |
timeout server 5s | |
retries 3 | |
#--------------------------------------------------------------------- | |
# Listen registry | |
#--------------------------------------------------------------------- | |
frontend registry | |
# we need to bind both to http and https | |
# because registry communication will fail | |
bind :80 | |
bind :443 ssl crt /usr/local/etc/haproxy/registry.pem alpn h2,http/1.1 | |
option forwardfor | |
http-request set-header X-Forwarded-Proto https if { ssl_fc } | |
redirect scheme https if !{ ssl_fc } | |
acl host_registry hdr(host) -i registry.mycompany.com | |
use_backend registry-cluster if host_registry | |
backend registry-cluster | |
stats enable | |
stats hide-version | |
stats refresh 30s | |
stats show-node | |
stats uri /haproxy?stats | |
redirect scheme https if !{ ssl_fc } | |
balance roundrobin | |
server node1 registry-1:5000 check | |
server node2 registry-2:5000 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment