Created
April 5, 2016 17:01
core@ip-10-0-7-27 ~ $ curl http://marathon-lb.marathon.mesos:9090/_haproxy_getconfig | |
# Process-wide settings: daemonize, log to the local syslog socket, cap total
# connections, set TLS defaults for every `bind ... ssl` line, and load the Lua
# scripts behind the lua.getpids / lua.getconfig services used in `listen stats`.
global | |
daemon | |
log /dev/log local0 | |
log /dev/log local1 notice | |
maxconn 50000 | |
# Size of the DH parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048 | |
# Client-facing cipher list, AEAD ECDHE/DHE suites first.
# NOTE(review): the tail of this list still offers 3DES (*-DES-CBC3-SHA, 64-bit
# block cipher) and static-RSA suites without forward secrecy (AES128-SHA,
# AES256-SHA, ...). If the client population allows it, trim the list to the
# ECDHE/DHE GCM and CHACHA20 entries.
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | |
# SSLv3 and TLS session tickets are disabled. TLS 1.0 and 1.1 are not excluded
# here; `no-tlsv10 no-tlsv11` would do that if legacy clients are not required.
ssl-default-bind-options no-sslv3 no-tls-tickets | |
# Same cipher list and options for TLS connections from HAProxy to servers.
# No `server` line in this output uses `ssl`, so these are unused here.
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | |
ssl-default-server-options no-sslv3 no-tls-tickets | |
# Admin/stats UNIX socket. No mode, user or level is given on this line, so
# access depends on the permissions of the socket path - confirm.
stats socket /var/run/haproxy/socket | |
# Server state is kept in a file named "global" under /var/state/haproxy/.
server-state-file global | |
server-state-base /var/state/haproxy/ | |
# Lua scripts loaded at startup; they register the services that `listen stats`
# exposes at /_haproxy_getpids and /_haproxy_getconfig.
lua-load /marathon-lb/getpids.lua | |
lua-load /marathon-lb/getconfig.lua | |
# Defaults inherited by every listen/frontend/backend section below. No `mode`
# is set here; each proxy declares `mode http` itself.
defaults | |
# Restore server state from the file named by `server-state-file` in global.
load-server-state-from-file global | |
log global | |
retries 3 | |
backlog 10000 | |
maxconn 10000 | |
timeout connect 3s | |
timeout client 30s | |
timeout server 30s | |
timeout tunnel 3600s | |
timeout http-keep-alive 1s | |
# Upper bound on how long a client may take to send a complete request; this
# limits how long slow, incomplete requests can hold a connection slot.
timeout http-request 15s | |
timeout queue 30s | |
timeout tarpit 60s | |
# Allow a retry to go to a different server when the chosen one fails.
option redispatch | |
option http-server-close | |
# Connections that carry no data are not logged.
# NOTE(review): on internet-facing listeners this also hides bare port probes
# from the logs; consider leaving it off where that visibility matters.
option dontlognull | |
# Management listener: built-in stats page, a health-check URI, and two Lua
# services that return the HAProxy PIDs and the running configuration.
listen stats | |
# Bound on every interface.
# NOTE(review): nothing in this section limits who may connect, and the curl
# call at the top of this transcript fetched the full config without
# credentials. The response discloses backend addresses and ports, the
# certificate path and the routing rules. Keep port 9090 on a management
# network, or add a source restriction such as
# `http-request deny unless { src <MGMT_CIDR> }` (placeholder).
bind 0.0.0.0:9090 | |
balance | |
mode http | |
# Stats page enabled with its defaults: no `stats auth` and no `stats uri` are
# set in this section, so the page is served unauthenticated at the default URI.
stats enable | |
monitor-uri /_haproxy_health_check | |
# Exact-path match; the request is answered by the Lua service, not a server.
acl getpid path /_haproxy_getpids | |
http-request use-service lua.getpids if getpid | |
acl getconfig path /_haproxy_getconfig | |
http-request use-service lua.getconfig if getconfig | |
# Plain-HTTP entry point on port 80: routes ACME challenge paths to the
# letsencrypt-dcos backend, redirects two hosts to HTTPS, and serves
# ssl-test-2.mesosphere.com over HTTP.
# No default_backend is declared, so a request matching no rule has no backend.
frontend marathon_http_in | |
bind *:80 | |
mode http | |
acl path_letsencrypt-dcos_10000 path_beg /.well-known/acme-challenge | |
# Repeating an ACL name ORs its patterns: this ACL matches any of four hosts.
# hdr(host) is compared as a whole string, case-insensitively (-i).
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i tweeter.mesosphere.com | |
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i tweeter-test.mesosphere.com | |
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i ssl-test-1.mesosphere.com | |
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i ssl-test-2.mesosphere.com | |
use_backend letsencrypt-dcos_10000 if host_tweeter_mesosphere_com_letsencrypt-dcos path_letsencrypt-dcos_10000 | |
acl host_ssl-test-1_mesosphere_com_letsencrypt-dcos-test-1 hdr(host) -i ssl-test-1.mesosphere.com | |
# NOTE(review): HAProxy evaluates `redirect` rules before `use_backend`
# regardless of their order in the file, so for this host an ACME challenge
# request on port 80 is presumably redirected to HTTPS rather than reaching the
# use_backend rule above; the 443 frontend carries its own ACME rules - verify.
redirect scheme https code 301 if !{ ssl_fc } host_ssl-test-1_mesosphere_com_letsencrypt-dcos-test-1 | |
acl host_ssl-test-2_mesosphere_com_letsencrypt-dcos-test-2 hdr(host) -i ssl-test-2.mesosphere.com | |
# No HTTPS redirect for this host: it is served in cleartext on port 80.
use_backend letsencrypt-dcos-test-2_10002 if host_ssl-test-2_mesosphere_com_letsencrypt-dcos-test-2 | |
acl host_tweeter_mesosphere_com_tweeter hdr(host) -i tweeter.mesosphere.com | |
redirect scheme https code 301 if !{ ssl_fc } host_tweeter_mesosphere_com_tweeter | |
# Port 9091: selects the backend from the X-Marathon-App-Id request header
# instead of the Host header.
# NOTE(review): the header is supplied by the client, so anyone who can reach
# this port can address any app listed here over plain HTTP, including the ones
# that port 80 redirects to HTTPS. The bind is on all interfaces; this port
# should be reachable from inside the cluster only.
frontend marathon_http_appid_in | |
bind *:9091 | |
mode http | |
acl app__letsencrypt-dcos hdr(x-marathon-app-id) -i /letsencrypt-dcos | |
use_backend letsencrypt-dcos_10000 if app__letsencrypt-dcos | |
acl app__letsencrypt-dcos-test-1 hdr(x-marathon-app-id) -i /letsencrypt-dcos-test-1 | |
use_backend letsencrypt-dcos-test-1_10001 if app__letsencrypt-dcos-test-1 | |
acl app__letsencrypt-dcos-test-2 hdr(x-marathon-app-id) -i /letsencrypt-dcos-test-2 | |
use_backend letsencrypt-dcos-test-2_10002 if app__letsencrypt-dcos-test-2 | |
acl app__tweeter hdr(x-marathon-app-id) -i /tweeter | |
use_backend tweeter_10003 if app__tweeter | |
# TLS-terminating entry point on port 443. Protocol options and ciphers come
# from ssl-default-bind-* in the global section. Backends are chosen from the
# SNI name in the TLS handshake; no default_backend is declared, so a client
# that sends no SNI, or an unlisted one, matches no rule.
frontend marathon_https_in | |
bind *:443 ssl crt /etc/ssl/mesosphere.com.pem | |
mode http | |
acl path_letsencrypt-dcos_10000 path_beg /.well-known/acme-challenge | |
# use_backend rules are tried in order and the first match wins, so the ACME
# challenge rules are listed ahead of the per-host rules.
# NOTE(review): ssl_fc_sni is the name sent in the handshake, not the HTTP Host
# header, and the two can differ on the same connection. HAProxy's
# documentation advises against using SNI in place of Host for HTTP routing;
# matching `hdr(host) -i <name>` keeps the routing decision and the Host seen
# by the application consistent.
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni tweeter.mesosphere.com } path_letsencrypt-dcos_10000 | |
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni tweeter-test.mesosphere.com } path_letsencrypt-dcos_10000 | |
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni ssl-test-1.mesosphere.com } path_letsencrypt-dcos_10000 | |
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni ssl-test-2.mesosphere.com } path_letsencrypt-dcos_10000 | |
use_backend letsencrypt-dcos-test-1_10001 if { ssl_fc_sni ssl-test-1.mesosphere.com } | |
use_backend letsencrypt-dcos-test-2_10002 if { ssl_fc_sni ssl-test-2.mesosphere.com } | |
use_backend tweeter_10003 if { ssl_fc_sni tweeter.mesosphere.com } | |
# Service-port frontend: everything arriving on port 10000 goes to the
# letsencrypt-dcos backend, with no host or path condition.
# Plain HTTP, bound on all interfaces; exposure is decided by the network
# layer, not by this config.
frontend letsencrypt-dcos_10000 | |
bind *:10000 | |
mode http | |
use_backend letsencrypt-dcos_10000 | |
# Service-port frontend: unconditional plain-HTTP path to the
# letsencrypt-dcos-test-1 backend on port 10001, all interfaces.
# NOTE(review): port 80 redirects this app's host to HTTPS, but this port
# serves the same backend in cleartext; keep it internal if HTTPS-only is
# the intent.
frontend letsencrypt-dcos-test-1_10001 | |
bind *:10001 | |
mode http | |
use_backend letsencrypt-dcos-test-1_10001 | |
# Service-port frontend: unconditional plain-HTTP path to the
# letsencrypt-dcos-test-2 backend on port 10002, all interfaces.
frontend letsencrypt-dcos-test-2_10002 | |
bind *:10002 | |
mode http | |
use_backend letsencrypt-dcos-test-2_10002 | |
# Service-port frontend: unconditional plain-HTTP path to the tweeter backend
# on port 10003, all interfaces.
# NOTE(review): port 80 redirects tweeter.mesosphere.com to HTTPS, but this
# port serves the same backend in cleartext; keep it internal if HTTPS-only is
# the intent.
frontend tweeter_10003 | |
bind *:10003 | |
mode http | |
use_backend tweeter_10003 | |
# Backend for the ACME challenge responder: one server, round-robin, reached
# over plain HTTP (the server line has no `ssl`) and with no health check.
backend letsencrypt-dcos_10000 | |
balance roundrobin | |
mode http | |
# Appends the client address as X-Forwarded-For. Values the client already
# sent are kept, so only the last entry is the one HAProxy added.
option forwardfor | |
http-request set-header X-Forwarded-Port %[dst_port] | |
# NOTE(review): add-header adds a value on TLS connections but never removes
# an X-Forwarded-Proto the client sent itself, so a cleartext request can still
# carry "https" to the application. Safer form:
#   http-request del-header X-Forwarded-Proto
#   http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Forwarded-Proto https if { ssl_fc } | |
server 10_0_2_113_11600 10.0.2.113:11600 | |
# Backend for letsencrypt-dcos-test-1: three servers, round-robin, reached over
# plain HTTP, health-checked with GET /health.
backend letsencrypt-dcos-test-1_10001 | |
balance roundrobin | |
mode http | |
# HSTS header on every response, max-age 15768000 s (about six months), no
# includeSubDomains. It is also sent on the cleartext paths to this backend
# (ports 9091 and 10001), where browsers do not act on it.
rspadd Strict-Transport-Security:\ max-age=15768000 | |
# Appends the client address as X-Forwarded-For; client-sent values are kept.
option forwardfor | |
http-request set-header X-Forwarded-Port %[dst_port] | |
# NOTE(review): add-header leaves a client-sent X-Forwarded-Proto in place on
# cleartext requests; deleting the header first and then using
# `set-header ... if { ssl_fc }` stops the application from trusting it.
http-request add-header X-Forwarded-Proto https if { ssl_fc } | |
option httpchk GET /health | |
timeout check 10s | |
# Checked every 10 s; a server is marked down after 3 consecutive failures.
server 10_0_2_111_7003 10.0.2.111:7003 check inter 10s fall 3 | |
server 10_0_2_112_10466 10.0.2.112:10466 check inter 10s fall 3 | |
server 10_0_2_113_14878 10.0.2.113:14878 check inter 10s fall 3 | |
# Backend for letsencrypt-dcos-test-2: three servers, round-robin, reached over
# plain HTTP, health-checked with GET /health. Unlike the test-1 and tweeter
# backends, no Strict-Transport-Security header is added here.
backend letsencrypt-dcos-test-2_10002 | |
balance roundrobin | |
mode http | |
# Appends the client address as X-Forwarded-For; client-sent values are kept.
option forwardfor | |
http-request set-header X-Forwarded-Port %[dst_port] | |
# NOTE(review): this app is also served on port 80 without a redirect, and
# add-header does not strip a client-sent X-Forwarded-Proto, so a cleartext
# request can present itself to the application as "https". Delete the header
# first, then `set-header ... if { ssl_fc }`.
http-request add-header X-Forwarded-Proto https if { ssl_fc } | |
option httpchk GET /health | |
timeout check 10s | |
# Checked every 10 s; a server is marked down after 3 consecutive failures.
server 10_0_2_111_27565 10.0.2.111:27565 check inter 10s fall 3 | |
server 10_0_2_112_15818 10.0.2.112:15818 check inter 10s fall 3 | |
server 10_0_2_113_31249 10.0.2.113:31249 check inter 10s fall 3 | |
# Backend for the tweeter app: a single server reached over plain HTTP,
# health-checked with GET /.
backend tweeter_10003 | |
balance roundrobin | |
mode http | |
# HSTS header on every response, max-age 15768000 s (about six months), no
# includeSubDomains. It is also sent on the cleartext paths to this backend
# (ports 9091 and 10003), where browsers do not act on it.
rspadd Strict-Transport-Security:\ max-age=15768000 | |
# Appends the client address as X-Forwarded-For; client-sent values are kept.
option forwardfor | |
http-request set-header X-Forwarded-Port %[dst_port] | |
# NOTE(review): add-header leaves a client-sent X-Forwarded-Proto in place on
# cleartext requests; deleting the header first and then using
# `set-header ... if { ssl_fc }` stops the application from trusting it.
http-request add-header X-Forwarded-Proto https if { ssl_fc } | |
option httpchk GET / | |
timeout check 9s | |
# Checked every 20 s; the server is marked down after 3 consecutive failures.
server 10_0_2_112_4699 10.0.2.112:4699 check inter 20s fall 3 | |
core@ip-10-0-7-27 ~ $ |