@codeslinger
Created July 10, 2016 21:47
global
    log /dev/log local0
    log /dev/log local1 notice
    maxconn 32768
    chroot /var/lib/haproxy
    # Runtime API socket with full admin rights; access is limited by file mode 660
    stats socket /var/run/haproxy/admin.sock mode 660 level admin
    # Server state file, read back by "load-server-state-from-file global" in backend back
    server-state-file /tmp/server_state
    stats timeout 30s
    user haproxy
    group haproxy
    tune.ssl.default-dh-param 2048
    daemon
    # Note: DES-CBC3-SHA is listed here but is removed again by the later !3DES
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DES-CBC3-SHA:!LOW:!3DES:!MD5:!EXP:!PSK:!aNULL:!eNULL

defaults
    log global
    maxconn 32768
    mode http
    option forwardfor
    timeout connect 5s
    timeout server 5s
    timeout client 60s
    # Applies once a connection has been upgraded (e.g. the 101 responses in the log lines)
    timeout tunnel 3600s
    option httplog
    option dontlognull

# Peers that share the stick-table defined in backend back
peers others
    peer other1 10.0.0.1:5555
    peer other2 10.0.0.2:5555
    peer other3 10.0.0.3:5555

frontend front
    # Only SSLv3 is disabled on this listener
    bind :443 ssl crt /etc/tls/cert crt /etc/tls/ no-sslv3
    mode http
    option httplog
    option forwardfor
    # If X-Foobar comes in on the URL parameters, make an HTTP header out of it
    # (the value is client-supplied and drives balancing and stickiness below)
    http-request set-header X-Foobar %[urlp(X-Foobar)] if { url_sub X-Foobar }
    default_backend back

backend back
    load-server-state-from-file global
    # Hash on the X-Foobar header, and pin each header value to a server via the shared table
    balance hdr(X-Foobar)
    stick-table type string size 100k peers others
    stick on req.hdr(X-Foobar)
    option httpchk GET /status HTTP/1.0
    # "ssl verify none": traffic and health checks to the servers are encrypted,
    # but the server certificates are not validated
    server back001 10.0.1.1:10000 id 167775312 check check-ssl maxconn 2000 ssl verify none
    server back002 10.0.1.2:10000 id 167775405 check check-ssl maxconn 2000 ssl verify none
    server back003 10.0.1.3:10000 id 167775413 check check-ssl maxconn 2000 ssl verify none
    server back004 10.0.1.4:10000 id 167775508 check check-ssl maxconn 2000 ssl verify none
    server back005 10.0.1.5:10000 id 167775520 check check-ssl maxconn 2000 ssl verify none
    server back006 10.0.1.6:10000 id 167775571 check check-ssl maxconn 2000 ssl verify none
    server back007 10.0.1.7:10000 id 167775889 check check-ssl maxconn 2000 ssl verify none
    server back008 10.0.1.8:10000 id 167775921 check check-ssl maxconn 2000 ssl verify none

2016-07-06T21:34:08.162Z Jul 6 21:34:07 other3 haproxy[1521]: 1.2.3.4:5678 [06/Jul/2016:21:27:11.941] front~ back/back004 408/0/1/254/415354 101 3126 - - ---- 16/16/16/1/0 0/0 "GET /foobar HTTP/1.1"
2016-07-06T21:34:13.165Z Jul 6 21:34:12 other3 haproxy[26382]: 2.3.4.5:6789 [06/Jul/2016:20:59:10.485] front~ back/back007 211/0/1/196/2101994 101 3212345 - - ---- 67/67/67/8/0 0/0 "GET /foobar HTTP/1.1"