@david-littlefield
Last active December 7, 2021 17:00
# customizes system-wide settings
global
    # specifies maximum number of concurrent connections
    maxconn 100000
    # starts haproxy as a background service
    daemon
    # sets maximum size of diffie-hellman parameters
    tune.ssl.default-dh-param 2048
    # sets ssl ciphers for bind directives
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # disables specified ssl/tls protocols for bind directives
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    # sets ssl ciphers for server directives
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # disables specified ssl/tls protocols for server directives
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11

# customizes default frontend and backend settings
defaults
    # specifies number of connection attempts to perform after a connection failure
    retries 2
    # redistributes the connection to a working server after a connection failure
    option redispatch
    # terminates connections after the specified period of inactivity
    timeout server 30s
    timeout client 30s
    timeout connect 3s

# customizes how to handle insecure and secure connections
frontend http_and_https_requests
    # specifies the plain http port
    bind :80
    # specifies the https port, enables ssl, and sets the path to the ssl certificate
    bind :443 ssl crt /etc/haproxy/haproxy.pem
    # specifies protocol
    mode http
    # redirects plain http connections to https
    http-request redirect scheme https unless { ssl_fc }
    # sends requests to the backend that reaches the web servers over plain http
    default_backend web_servers_insecure

# distributes connections between the specified web servers over plain http
backend web_servers_insecure
    # specifies protocol
    mode http
    # specifies the algorithm used to select a web server
    balance static-rr
    # sets ip address and port of each web server and enables health checks
    server server-1 173.255.209.233:80 check
    server server-2 45.33.13.41:80 check
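The settings above are the ones a reviewer would check before deploying the file: legacy TLS versions disabled, a 2048-bit DH parameter, no weak cipher suites, a redirect on the plaintext listener, and health checks on every server. The following script is an added example, not part of the gist: a small HAProxy config parser plus an audit function that reports which of those properties a config fails. Both embedded configs are constructed sample input; HARDENED_CONFIG mirrors the gist (cipher lists abbreviated, defaults section omitted) and WEAK_CONFIG deliberately relaxes several of its settings so that the checks have something to report.

```python
"""Static audit of an HAProxy config for the TLS/redirect/health-check hardening above.
Added example, not part of the gist; the sample configs below are constructed input."""

# Fragments of cipher-suite names that mark legacy or broken suites.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")
# The options the gist uses to switch off SSLv3 / TLS 1.0 / TLS 1.1.
LEGACY_PROTOCOL_OPTIONS = {"no-sslv3", "no-tlsv10", "no-tlsv11"}
SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")


def parse_haproxy(text):
    """Return a list of (kind, name, [(keyword, args), ...]) sections.
    Comments and blank lines are dropped; a '#' anywhere starts a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] in SECTION_KEYWORDS:
            sections.append((parts[0], parts[1] if len(parts) > 1 else "", []))
        elif sections:
            sections[-1][2].append((parts[0], parts[1:]))
    return sections


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    sections = parse_haproxy(text)
    # Flatten global directives into a dict (a repeated keyword keeps its last value).
    global_directives = {}
    for kind, _, lines in sections:
        if kind == "global":
            global_directives.update(lines)

    for opt_kw in ("ssl-default-bind-options", "ssl-default-server-options"):
        opts = set(global_directives.get(opt_kw, []))
        missing = LEGACY_PROTOCOL_OPTIONS - opts
        # 'ssl-min-ver TLSv1.2' expresses the same restriction in newer HAProxy versions.
        if missing and "ssl-min-ver" not in opts:
            findings.append(f"{opt_kw}: legacy protocols still enabled "
                            f"({', '.join(sorted(missing))})")

    dh = global_directives.get("tune.ssl.default-dh-param")
    if not dh or int(dh[0]) < 2048:
        findings.append("tune.ssl.default-dh-param: missing or below 2048 bits")

    for cipher_kw in ("ssl-default-bind-ciphers", "ssl-default-server-ciphers"):
        suites = global_directives.get(cipher_kw, [""])[0].split(":")
        weak = [s for s in suites if any(m in s.upper() for m in WEAK_CIPHER_MARKERS)]
        if weak:
            findings.append(f"{cipher_kw}: weak suites {', '.join(weak)}")

    for kind, name, lines in sections:
        if kind == "frontend":
            # A bind without 'ssl' is a plaintext listener; it needs the https redirect.
            plaintext = any(kw == "bind" and "ssl" not in args for kw, args in lines)
            redirects = any(kw == "http-request" and args[:3] == ["redirect", "scheme", "https"]
                            for kw, args in lines)
            if plaintext and not redirects:
                findings.append(f"frontend {name}: plaintext bind without an https redirect")
        elif kind == "backend":
            for kw, args in lines:
                if kw == "server" and "check" not in args:
                    findings.append(f"backend {name}: server {args[0]} has no health check")
    return findings


# Constructed sample: the gist's settings with cipher lists abbreviated, defaults omitted.
HARDENED_CONFIG = """
global
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11
frontend http_and_https_requests
    bind :80
    bind :443 ssl crt /etc/haproxy/haproxy.pem
    mode http
    http-request redirect scheme https unless { ssl_fc }
    default_backend web_servers_insecure
backend web_servers_insecure
    mode http
    server server-1 173.255.209.233:80 check
    server server-2 45.33.13.41:80 check
"""

# Constructed sample: same shape, with the hardening relaxed in six places.
WEAK_CONFIG = """
global
    tune.ssl.default-dh-param 1024
    ssl-default-bind-ciphers RC4-SHA:AES128-SHA
    ssl-default-bind-options no-sslv3
frontend web
    bind :80
    bind :443 ssl crt /etc/haproxy/haproxy.pem
    mode http
    default_backend app
backend app
    mode http
    server app-1 10.0.0.10:80
"""

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(f"{label}: {audit(cfg) or ['no findings']}")
```

Run it against a real file with `audit(open("/etc/haproxy/haproxy.cfg").read())`; the parser ignores `listen` sections and `ssl-min-ver` on individual `bind` lines, so treat a clean result as a pre-check rather than proof, and still run `haproxy -c -f <file>` for syntax validation.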