Created
December 17, 2015 08:48
-
-
Save changeme/feb49a0850bdd909da9c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| daemon | |
| stats socket /var/run/haproxy.stat mode 600 | |
| log 127.0.0.1 local0 | |
| log 127.0.0.1 local1 notice | |
| ulimit-n 80020 | |
| pidfile /var/run/haproxy.pid | |
| tune.ssl.default-dh-param 2048 | |
| ssl-default-bind-options no-sslv3 | |
| ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | |
| ssl-default-server-options no-sslv3 | |
| ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | |
| defaults | |
| option log-separate-errors | |
| option originalto | |
| option http-ignore-probes | |
| log global | |
| option httplog | |
| mode http | |
| timeout connect 400000 | |
| timeout client 420000 | |
| timeout server 430000 | |
| retries 3 | |
| option redispatch | |
| balance roundrobin | |
| stats enable | |
| stats uri /stats | |
| stats realm Haproxy\ Statistics | |
| stats auth user:password | |
| frontend f80 #192.168.1.1:80 | |
| bind *:80 | |
| log global | |
| maxconn 10000 | |
| option forwardfor | |
| redirect scheme https if { hdr(Host) -i sub.domain.com } !{ ssl_fc } | |
| default_backend default_farm | |
| frontend https | |
| bind 192.168.1.1:443 ssl crt /etc/haproxy/ssl/stardomaincom_ar.pem no-tls-tickets | |
| mode http | |
| option httpclose | |
| option forwardfor | |
| reqadd X-Forwarded-Proto:\ https | |
| rspadd Strict-Transport-Security:\ max-age=31536000 | |
| rspadd X-Clacks-Overhead:\ GNU\ Terry\ Pratchett | |
| rspadd X-Content-Type-Options:\ nosniff | |
| rspadd X-Frame-Options:\ sameorigin | |
| rspadd X-Forwarded-Proto | |
| acl acl_crm hdr(host) sub.domain.com.ar | |
| use_backend domain_farm if acl_crm | |
| backend domain_farm | |
| log global | |
| mode http | |
| balance roundrobin | |
| option http-server-close | |
| option forwardfor | |
| server crm1 10.10.0.20:80 cookie crm1 maxconn 45 check | |
| server crm2 10.10.0.21:80 cookie crm1 maxconn 45 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment