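# customizes process-wide settings
global
    # caps the number of concurrent connections per haproxy process
    maxconn 100000
    # forks haproxy into the background
    # NOTE(review): this section sets no `user`, `group` or `chroot`, so the
    # process keeps whatever privileges it was started with; confirm it is not
    # left running as root after binding :80 and :443
    daemon
    # sets maximum size of the ephemeral diffie-hellman parameters used for DHE
    # key exchange; every suite in the cipher lists below is ECDHE, so this
    # value only matters if a DHE suite is added later
    tune.ssl.default-dh-param 2048
    # sets the cipher list offered on `bind` lines for TLS 1.2 and below.
    # TLS 1.3 suites are governed by `ssl-default-bind-ciphersuites`, which is
    # not set here, so the TLS library defaults apply to TLS 1.3.
    # NOTE(review): the last four entries (…-AES256-SHA384, …-AES128-SHA256)
    # are CBC-mode suites; the first six are AEAD (GCM / CHACHA20-POLY1305).
    # Drop the CBC entries if no supported client still needs them.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # refuses SSLv3, TLS 1.0 and TLS 1.1 from clients, leaving TLS 1.2 and newer
    # (`ssl-min-ver TLSv1.2` expresses the same floor on versions that support it)
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    # sets the cipher list used when haproxy itself connects to a `server` line
    # that has `ssl`; no `server` line in this file uses `ssl`, so this and the
    # next directive are currently unused
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # refuses SSLv3, TLS 1.0 and TLS 1.1 on connections to backend servers
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11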
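# sets defaults inherited by the frontend and backend sections below
# NOTE(review): no `log` target or `option httplog` appears anywhere in this
# file, so haproxy writes no traffic logs; add them if requests through this
# proxy need to be auditable
defaults
    # specifies number of connection attempts to a server after a connection failure
    retries 2
    # allows a retried connection to be sent to another working server
    option redispatch
    # closes a connection after 30s of inactivity on the server side or the client side
    timeout server 30s
    timeout client 30s
    # gives up on establishing a connection to a server after 3s
    # NOTE(review): no `timeout http-request` is set, so the only bound on a
    # client that sends its request headers very slowly is the 30s client
    # inactivity timeout; consider setting one explicitly
    timeout connect 3s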
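# public listener: accepts http and https, and redirects http to https
frontend http_and_https_requests
    # listens for plain http on port 80, all addresses
    bind :80
    # listens on port 443 with tls, using the certificate in haproxy.pem
    # NOTE(review): a `crt` pem normally also holds the private key; confirm the
    # file is readable only by the account haproxy starts as
    bind :443 ssl crt /etc/haproxy/haproxy.pem
    # processes traffic as http (layer 7)
    mode http
    # answers every request that did not arrive over tls (`ssl_fc` is false)
    # with a redirect to the https url; the default status code is 302
    # NOTE(review): no Strict-Transport-Security response header is set, so a
    # returning browser may still make its first request over plain http
    http-request redirect scheme https unless { ssl_fc }
    # forwards the remaining requests to the server pool. Because of the
    # redirect above these all arrived over tls; tls ends at this frontend and
    # the pool name refers to the plain-http hop from haproxy to the servers
    default_backend web_servers_insecure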
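# server pool reached over plain http after tls was terminated at the frontend
backend web_servers_insecure
    # processes traffic as http (layer 7)
    mode http
    # selects servers in turn by static round-robin (weights are fixed at startup)
    balance static-rr
    # sets ip address and port of web servers; `check` enables health checks
    # NOTE(review): both addresses are publicly routable and the `server` lines
    # have no `ssl`, so requests that clients sent over https travel from the
    # proxy to these servers unencrypted. Put the servers on a private network,
    # or add `ssl verify required ca-file <CA_FILE_PLACEHOLDER>` with a tls port
    # on the servers, and have the servers accept traffic only from the proxy.
    server server-1 173.255.209.233:80 check
    server server-2 45.33.13.41:80 check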