cleverdevil/haproxy.cfg

## haproxy.cfg
global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	maxconn 4096
	tune.ssl.default-dh-param 2048
        user haproxy
	group haproxy
	daemon

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

        option forwardfor
        option http-server-close
        stats enable
        stats auth admin:stats
        stats uri /haproxyStats

frontend http-in
        bind *:80
        bind *:443 ssl crt /etc/ssl/host.pem ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        reqadd X-Forwarded-Proto:\ https
	option forwardfor

	# work around POODLE by redirecting SSLv3 traffic
	acl sslv3 ssl_fc_protocol SSLv3
	use_backend block_sslv3 if sslv3

        # Define hosts
	acl host_static hdr(host) -i static.mydomain.io

        # Figure out which one to use
	use_backend static_cluster if host_static

backend block_sslv3
	mode http
	errorfile 503 /etc/haproxy/pages/sslv3.http

backend static_cluster
	balance leastconn
	option httpclose
	reqirep ^((GET|HEAD)\ .*)/\ (HTTP.*) \1/index.html\ \3
        reqirep ^Host:   Host:\ mybucket.objects.dreamhost.com
	server node1 mybucket.objects.dreamhost.com:80
	global
	log /dev/log local0
	log /dev/log local1 notice
	chroot /var/lib/haproxy
	maxconn 4096
	tune.ssl.default-dh-param 2048
	user haproxy
	group haproxy
	daemon

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	timeout connect 5000
	timeout client 50000
	timeout server 50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

	option forwardfor
	option http-server-close
	stats enable
	stats auth admin:stats
	stats uri /haproxyStats

	frontend http-in
	bind *:80
	bind *:443 ssl crt /etc/ssl/host.pem ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
	reqadd X-Forwarded-Proto:\ https
	option forwardfor

	# work around POODLE by redirecting SSLv3 traffic
	acl sslv3 ssl_fc_protocol SSLv3
	use_backend block_sslv3 if sslv3

	# Define hosts
	acl host_static hdr(host) -i static.mydomain.io

	# Figure out which one to use
	use_backend static_cluster if host_static

	backend block_sslv3
	mode http
	errorfile 503 /etc/haproxy/pages/sslv3.http

	backend static_cluster
	balance leastconn
	option httpclose
	reqirep ^((GET\|HEAD)\ .)/\ (HTTP.) \1/index.html\ \3
	reqirep ^Host: Host:\ mybucket.objects.dreamhost.com
	server node1 mybucket.objects.dreamhost.com:80