Instantly share code, notes, and snippets.

Embed
What would you like to do?
core@ip-10-0-7-27 ~ $ curl http://marathon-lb.marathon.mesos:9090/_haproxy_getconfig
global
daemon
log /dev/log local0
log /dev/log local1 notice
maxconn 50000
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
stats socket /var/run/haproxy/socket
server-state-file global
server-state-base /var/state/haproxy/
lua-load /marathon-lb/getpids.lua
lua-load /marathon-lb/getconfig.lua
defaults
load-server-state-from-file global
log global
retries 3
backlog 10000
maxconn 10000
timeout connect 3s
timeout client 30s
timeout server 30s
timeout tunnel 3600s
timeout http-keep-alive 1s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
option redispatch
option http-server-close
option dontlognull
listen stats
bind 0.0.0.0:9090
balance
mode http
stats enable
monitor-uri /_haproxy_health_check
acl getpid path /_haproxy_getpids
http-request use-service lua.getpids if getpid
acl getconfig path /_haproxy_getconfig
http-request use-service lua.getconfig if getconfig
frontend marathon_http_in
bind *:80
mode http
acl path_letsencrypt-dcos_10000 path_beg /.well-known/acme-challenge
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i tweeter.mesosphere.com
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i tweeter-test.mesosphere.com
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i ssl-test-1.mesosphere.com
acl host_tweeter_mesosphere_com_letsencrypt-dcos hdr(host) -i ssl-test-2.mesosphere.com
use_backend letsencrypt-dcos_10000 if host_tweeter_mesosphere_com_letsencrypt-dcos path_letsencrypt-dcos_10000
acl host_ssl-test-1_mesosphere_com_letsencrypt-dcos-test-1 hdr(host) -i ssl-test-1.mesosphere.com
redirect scheme https code 301 if !{ ssl_fc } host_ssl-test-1_mesosphere_com_letsencrypt-dcos-test-1
acl host_ssl-test-2_mesosphere_com_letsencrypt-dcos-test-2 hdr(host) -i ssl-test-2.mesosphere.com
use_backend letsencrypt-dcos-test-2_10002 if host_ssl-test-2_mesosphere_com_letsencrypt-dcos-test-2
acl host_tweeter_mesosphere_com_tweeter hdr(host) -i tweeter.mesosphere.com
redirect scheme https code 301 if !{ ssl_fc } host_tweeter_mesosphere_com_tweeter
frontend marathon_http_appid_in
bind *:9091
mode http
acl app__letsencrypt-dcos hdr(x-marathon-app-id) -i /letsencrypt-dcos
use_backend letsencrypt-dcos_10000 if app__letsencrypt-dcos
acl app__letsencrypt-dcos-test-1 hdr(x-marathon-app-id) -i /letsencrypt-dcos-test-1
use_backend letsencrypt-dcos-test-1_10001 if app__letsencrypt-dcos-test-1
acl app__letsencrypt-dcos-test-2 hdr(x-marathon-app-id) -i /letsencrypt-dcos-test-2
use_backend letsencrypt-dcos-test-2_10002 if app__letsencrypt-dcos-test-2
acl app__tweeter hdr(x-marathon-app-id) -i /tweeter
use_backend tweeter_10003 if app__tweeter
frontend marathon_https_in
bind *:443 ssl crt /etc/ssl/mesosphere.com.pem
mode http
acl path_letsencrypt-dcos_10000 path_beg /.well-known/acme-challenge
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni tweeter.mesosphere.com } path_letsencrypt-dcos_10000
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni tweeter-test.mesosphere.com } path_letsencrypt-dcos_10000
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni ssl-test-1.mesosphere.com } path_letsencrypt-dcos_10000
use_backend letsencrypt-dcos_10000 if { ssl_fc_sni ssl-test-2.mesosphere.com } path_letsencrypt-dcos_10000
use_backend letsencrypt-dcos-test-1_10001 if { ssl_fc_sni ssl-test-1.mesosphere.com }
use_backend letsencrypt-dcos-test-2_10002 if { ssl_fc_sni ssl-test-2.mesosphere.com }
use_backend tweeter_10003 if { ssl_fc_sni tweeter.mesosphere.com }
frontend letsencrypt-dcos_10000
bind *:10000
mode http
use_backend letsencrypt-dcos_10000
frontend letsencrypt-dcos-test-1_10001
bind *:10001
mode http
use_backend letsencrypt-dcos-test-1_10001
frontend letsencrypt-dcos-test-2_10002
bind *:10002
mode http
use_backend letsencrypt-dcos-test-2_10002
frontend tweeter_10003
bind *:10003
mode http
use_backend tweeter_10003
backend letsencrypt-dcos_10000
balance roundrobin
mode http
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server 10_0_2_113_11600 10.0.2.113:11600
backend letsencrypt-dcos-test-1_10001
balance roundrobin
mode http
rspadd Strict-Transport-Security:\ max-age=15768000
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk GET /health
timeout check 10s
server 10_0_2_111_7003 10.0.2.111:7003 check inter 10s fall 3
server 10_0_2_112_10466 10.0.2.112:10466 check inter 10s fall 3
server 10_0_2_113_14878 10.0.2.113:14878 check inter 10s fall 3
backend letsencrypt-dcos-test-2_10002
balance roundrobin
mode http
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk GET /health
timeout check 10s
server 10_0_2_111_27565 10.0.2.111:27565 check inter 10s fall 3
server 10_0_2_112_15818 10.0.2.112:15818 check inter 10s fall 3
server 10_0_2_113_31249 10.0.2.113:31249 check inter 10s fall 3
backend tweeter_10003
balance roundrobin
mode http
rspadd Strict-Transport-Security:\ max-age=15768000
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk GET /
timeout check 9s
server 10_0_2_112_4699 10.0.2.112:4699 check inter 20s fall 3
core@ip-10-0-7-27 ~ $
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment