Created January 28, 2014 13:28
# global parameters
global
    # log on syslog of 127.0.0.1 udp port 514 (default) using local0 facility.
    log 127.0.0.1 local0
    # maximum number of concurrent connections
    maxconn 4096
    # drop privileges after port binding
    user nobody
    group nogroup
    # run in daemon mode
    daemon
    # store pid of process in the file
    pidfile /var/run/haproxy.pid
    # create this socket for stats
    stats socket /var/run/socket-haproxy

# defaults section sets default parameters for all other following sections
defaults
    # use logging options defined in global
    log global
    # run in L7 mode
    mode http
    # log in httplog format
    option httplog
    # disable logging of null connections
    option dontlognull
    # VERY IMPORTANT OPTION: Analyze each request individually and evaluate acls for each request. Don't run in tunnel mode.
    option http-server-close
    # redispatch the request in case the primary server chosen by session stickiness is down
    option redispatch
    # maximum inactivity time on client side. Recommended to keep it the same as the server timeout
    timeout client 30s
    # maximum time given to server to respond to a request
    timeout server 30s
    # maximum time to wait for a server connection to succeed. Can be as low as a few msec if HAProxy and server are on the same LAN
    timeout connect 1s
    # timeout for keep alive
    timeout http-keep-alive 60s
    # maximum time to wait for client to send full request. Keep it around 5s for DoS protection
    timeout http-request 5s
    # enable stats web interface. very helpful to see what's happening in haproxy
    stats enable
    # default refresh time for web interface
    stats refresh 10s
    # uri for the web interface
    stats uri /stats

frontend inbound
    # bind to port 80 on all interfaces
    bind 0.0.0.0:80
    # bind to port 443 on all interfaces
    # enable HTTPS loading cert from file
    # Enable TLSv1+ (available on all major browsers); no-sslv3 is the spelling HAProxy 1.5 and later accept
    # Choose ciphers specified here. The mentioned ciphers work on all browsers, are easy on server and offer BEAST protection
    bind 0.0.0.0:443 ssl crt /etc/cert.pem no-sslv3 prefer-server-ciphers ciphers RC4-SHA:AES128-SHA:AES256-SHA
    default_backend server

backend server
    # do a monitoring check on backend servers at the following URI
    option httpchk /monitor
    # add server to the backend pool specifying maximum connections
    server 1 192.168.10.1:8080 check maxconn 40
    server 2 192.168.10.2:8080 check maxconn 20
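
An added example, not part of the gist: a small audit of an HAProxy config for two settings in it that have aged since 2014. RC4 is now prohibited in TLS by RFC 7465, the plain-RSA suites AES128-SHA and AES256-SHA give no forward secrecy, and the stats page is enabled without `stats auth`. The `audit` function and the sample text are constructed for illustration, and the suite check assumes explicit OpenSSL suite names rather than keywords such as `HIGH`.

```python
import re

# Constructed sample modeled on the gist's stats settings and TLS bind line.
SAMPLE = """\
defaults
    stats enable
    stats uri /stats
frontend inbound
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /etc/cert.pem no-sslv3 prefer-server-ciphers ciphers RC4-SHA:AES128-SHA:AES256-SHA
"""

def audit(cfg_text):
    """Return (line_number, finding) tuples for one haproxy.cfg text."""
    findings = []
    stats_line, stats_auth = None, False
    for n, raw in enumerate(cfg_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not words:
            continue
        if words[:2] == ["stats", "enable"]:
            stats_line = stats_line or n
        if words[:2] == ["stats", "auth"]:
            stats_auth = True
        if words[0] == "bind" and "ssl" in words[2:]:
            suites = []
            if "ciphers" in words[:-1]:
                suites = words[words.index("ciphers") + 1].split(":")
            for s in suites:
                if not s or s.startswith(("!", "-")):
                    continue                       # exclusions are not offers
                if "RC4" in s:
                    findings.append((n, "RC4 suite offered: " + s))
                elif not re.search(r"ECDHE|DHE|EECDH|EDH", s):
                    findings.append((n, "no forward secrecy: " + s))
    # Without 'stats auth' the stats URI is readable by anyone who can
    # reach a frontend that inherits these defaults.
    if stats_line and not stats_auth:
        findings.append((stats_line, "stats page enabled without 'stats auth'"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```
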