@dangra
Created January 28, 2014 13:28
# global parameters
global
    # log on syslog of 127.0.0.1 udp port 514 (default) using local0 facility.
    log 127.0.0.1 local0
    # maximum number of concurrent connections
    maxconn 4096
    # drop privileges after port binding
    user nobody
    group nogroup
    # run in daemon mode
    daemon
    # store pid of process in the file
    pidfile /var/run/haproxy.pid
    # create this socket for stats
    stats socket /var/run/socket-haproxy

# defaults section sets default parameters for all following sections
defaults
    # use logging options defined in global
    log global
    # run in L7 mode
    mode http
    # log in httplog format
    option httplog
    # disable logging of null connections
    option dontlognull
    # VERY IMPORTANT OPTION: Analyze each request individually and evaluate ACLs for each request. Don't run in tunnel mode.
    option http-server-close
    # redispatch the request if the primary server chosen by session stickiness is down
    option redispatch
    # maximum inactivity time on the client side. Recommended to keep it the same as the server timeout
    timeout client 30s
    # maximum time given to the server to respond to a request
    timeout server 30s
    # maximum time to wait for a server connection to succeed. Can be as low as a few msec if HAProxy and the server are on the same LAN
    timeout connect 1s
    # timeout for keep-alive
    timeout http-keep-alive 60s
    # maximum time to wait for the client to send the full request. Keep it around 5s for DoS protection
    timeout http-request 5s
    # enable stats web interface. Very helpful to see what's happening in HAProxy
    stats enable
    # default refresh time for the web interface
    stats refresh 10s
    # URI for the web interface
    stats uri /stats

frontend inbound
    # bind to port 80 on all interfaces
    bind 0.0.0.0:80
    # bind to port 443 on all interfaces
    # enable HTTPS, loading the cert from file
    # Enable TLSv1+ (available on all major browsers)
    # Use the ciphers specified here. The listed ciphers work on all browsers, are easy on the server and offer BEAST protection
    # NOTE: this cipher list reflects the advice current when the gist was written; RC4 has since been
    # prohibited for TLS (RFC 7465), and all three suites use RSA key exchange, so none gives forward secrecy.
    bind 0.0.0.0:443 ssl crt /etc/cert.pem nosslv3 prefer-server-ciphers ciphers RC4-SHA:AES128-SHA:AES256-SHA
    default_backend server

backend server
    # do a monitoring check on backend servers at the following URI
    option httpchk /monitor
    # add server to the backend pool specifying maximum connections
    server 1 192.168.10.1:8080 check maxconn 40
    server 2 192.168.10.2:8080 check maxconn 20
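
For comparison with the `bind 0.0.0.0:443 ... ciphers RC4-SHA:AES128-SHA:AES256-SHA` line above, here is a present-day TLS policy for the same frontend, added as an example and not part of the original gist. It assumes HAProxy 1.8 or later built against OpenSSL 1.1.1 or later; the certificate path, frontend name and backend name are reused from the config above, and the HSTS max-age is a constructed value.

```haproxy
# Added example (not from the original gist): TLS policy without RC4 or CBC suites.
global
    # Applies to every "bind ... ssl" line: TLS 1.2 as the minimum protocol version,
    # and no stateless session tickets.
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    # TLS 1.2 suites: ECDHE key exchange (forward secrecy) with AEAD ciphers only.
    # BEAST targeted CBC suites in TLS 1.0, so it does not apply to this list.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # TLS 1.3 suites are configured with a separate keyword.
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

frontend inbound
    bind 0.0.0.0:80
    # Protocol and cipher settings are inherited from the global defaults above,
    # so the bind line only names the certificate.
    bind 0.0.0.0:443 ssl crt /etc/cert.pem
    # Tell browsers to keep using HTTPS (sent only on TLS connections).
    # max-age is a constructed value (two years, in seconds).
    http-response set-header Strict-Transport-Security "max-age=63072000" if { ssl_fc }
    default_backend server
```

Clients that cannot negotiate TLS 1.2 with an ECDHE AEAD suite will fail the handshake under this policy, so check the client population in the HAProxy logs before deploying it.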