@dvanders
Created July 11, 2017 15:51
CERN haproxy.cfg
# This file managed by Puppet
# Process-wide settings: chroot and privilege drop, logging, TLS defaults for
# every "bind ... ssl" line, and the runtime control socket.
global
# The process confines itself to this directory after start-up.
chroot /var/lib/haproxy
group haproxy
# Log to the syslog listener on the local host, facility local0.
log 127.0.0.1 local0
maxconn 2048
pidfile /var/run/haproxy.pid
# Default cipher list for TLS listeners. Anonymous, NULL, EXPORT, DES, RC4,
# MD5 and PSK suites are excluded by the trailing "!" terms.
# NOTE(review): the list still admits CBC-mode suites (the *-SHA/-SHA256/-SHA384
# entries), DSS-authenticated suites, and static-RSA suites without forward
# secrecy (AES128-GCM-SHA256, AES256-GCM-SHA384, AES128, AES256, AES). Consider
# trimming to ECDHE/DHE AEAD suites if the client population allows it.
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
# Runtime API socket. "level admin" grants full control (e.g. changing server
# state) to anything that can open it.
# NOTE(review): no "mode", "user" or "group" is given on this line, so the
# socket's permissions are not pinned here - confirm that only trusted local
# accounts can reach it.
stats socket /var/lib/haproxy/stats level admin
# Size of the ephemeral DH parameters used with the DHE suites above.
tune.ssl.default-dh-param 2048
user haproxy
# Settings inherited by every frontend and backend in this file unless the
# section overrides them.
defaults
log global
maxconn 2048
mode http
# Let a request be redistributed to another server when its designated one
# is unavailable.
option redispatch
option http-server-close
option contstats
option httplog
retries 3
# NOTE(review): enabling stats in "defaults" with no "stats uri" or
# "stats auth" next to it is inherited by proxies that set no stats keywords
# of their own. Those proxies would likely answer on HAProxy's built-in
# default URI (/haproxy?stats) without authentication - confirm, and prefer
# enabling stats only in the dedicated "stats" backend.
stats enable
# A client has 10s to send a complete request; both frontends raise this to 5m.
timeout http-request 10s
timeout queue 30s
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
# Cleartext HTTP entry point (port 80, IPv4 and IPv6). Derives a bucket name
# from the Host header or the path and picks the backend from a map file.
# The rules are duplicated in cs3.cern.ch-frontend-ssl; keep the two in sync.
frontend cs3.cern.ch-frontend
bind ipv4@:80,ipv6@:80
acl haproxy_stats url_beg /haproxy_stats
# Case-insensitive substring match on the Host header.
# NOTE(review): a substring match is also true for a Host such as
# "x.cs3.cern.ch.example.test"; a suffix match (hdr_end) would be stricter,
# but Host values carrying a ":port" suffix would then need handling.
acl dnsstyle_buckets hdr_sub(host) -i .cs3.cern.ch
capture request header User-Agent len 256
capture request header Host len 128
# DNS-style request: bucket name = Host with the domain suffix removed.
# NOTE(review): the regsub pattern is an unanchored regex whose dots are
# unescaped (each matches any character), and a ":port" in Host is not
# stripped. The result is client-controlled and feeds the map lookup below.
http-request set-var(req.bucketname) hdr(host),regsub(.cs3.cern.ch,) if dnsstyle_buckets
# Path-style request: bucket name = first "/"-separated word of the path.
http-request set-var(req.bucketname) path,word(1,/) if ! dnsstyle_buckets
# set-header replaces any X-Debug-Bucket the client sent. The value still
# derives from client input, so backends should treat it as untrusted.
http-request set-header X-Debug-Bucket %[var(req.bucketname)]
# Accept at most 10 new sessions per second on this frontend.
rate-limit sessions 10
# NOTE(review): these override the 10s/1m values in "defaults". A 5-minute
# http-request timeout lets a client hold a connection slot for that long
# before completing its request; with maxconn 2048 and a 10/s session
# limit, confirm this is acceptable against slow-request exhaustion.
timeout http-request 5m
timeout client 5m
# NOTE(review): this exposes the stats page on cleartext port 80, so the
# HTTP Basic credentials from the "stats" backend ("stats auth") and its
# admin actions ("stats admin if TRUE") cross the network unencrypted.
# Consider serving it only from the TLS frontend or an internal address.
use_backend stats if haproxy_stats
# Lower-cased bucket name is looked up in buckets.map; names not in the map
# fall back to backend-gabe.
use_backend %[var(req.bucketname),lower,map(/etc/haproxy/buckets.map,backend-gabe)]
# TLS entry point (port 443, IPv4 and IPv6). Same bucket-routing rules as
# cs3.cern.ch-frontend; keep the two in sync.
frontend cs3.cern.ch-frontend-ssl
# "verify none": client certificates are not requested. Ciphers come from
# ssl-default-bind-ciphers in "global".
# NOTE(review): only SSLv3 is disabled explicitly on this line; nothing
# visible in this file disables TLS 1.0/1.1 - confirm whether that is
# intended. /etc/haproxy/cert.pem holds the private key, so its file
# permissions should restrict it to the haproxy start-up user.
bind ipv4@:443,ipv6@:443 ssl no-sslv3 crt /etc/haproxy/cert.pem verify none
acl haproxy_stats url_beg /haproxy_stats
# Case-insensitive substring match on the Host header.
# NOTE(review): a substring match is also true for a Host such as
# "x.cs3.cern.ch.example.test"; a suffix match (hdr_end) would be stricter,
# but Host values carrying a ":port" suffix would then need handling.
acl dnsstyle_buckets hdr_sub(host) -i .cs3.cern.ch
capture request header User-Agent len 256
capture request header Host len 128
# DNS-style request: bucket name = Host with the domain suffix removed.
# NOTE(review): the regsub pattern is an unanchored regex whose dots are
# unescaped (each matches any character), and a ":port" in Host is not
# stripped. The result is client-controlled and feeds the map lookup below.
http-request set-var(req.bucketname) hdr(host),regsub(.cs3.cern.ch,) if dnsstyle_buckets
# Path-style request: bucket name = first "/"-separated word of the path.
http-request set-var(req.bucketname) path,word(1,/) if ! dnsstyle_buckets
# set-header replaces any X-Debug-Bucket the client sent. The value still
# derives from client input, so backends should treat it as untrusted.
http-request set-header X-Debug-Bucket %[var(req.bucketname)]
# Accept at most 10 new sessions per second on this frontend.
rate-limit sessions 10
# NOTE(review): these override the 10s/1m values in "defaults". A 5-minute
# http-request timeout lets a client hold a connection slot for that long
# before completing its request; confirm this is acceptable against
# slow-request exhaustion.
timeout http-request 5m
timeout client 5m
use_backend stats if haproxy_stats
# Lower-cased bucket name is looked up in buckets.map; names not in the map
# fall back to backend-gabe.
use_backend %[var(req.bucketname),lower,map(/etc/haproxy/buckets.map,backend-gabe)]
# Backend "beesly".
# NOTE(review): no "server" line is declared in this section, so a bucket
# mapped here would presumably get no healthy server (503) - confirm whether
# the pool is intentionally empty.
backend backend-beesly
balance leastconn
# Rewrite an http://host:port/... X-Storage-Url response header to
# https://host/..., dropping the port.
# NOTE(review): the host class [a-z0-9.] excludes "-" and upper case, so a
# URL whose host contains a hyphen would be left as http:// - verify against
# the values the gateways actually return.
http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2
option httpchk GET /
# IP-keyed table shared through the "mypeers" section. No stick or track
# rule in this section refers to it.
stick-table type ip size 20k peers mypeers
# Backend "dwight": a single gateway, least-connections balancing.
backend backend-dwight
balance leastconn
# Rewrite an http://host:port/... X-Storage-Url response header to
# https://host/..., dropping the port.
# NOTE(review): the host class [a-z0-9.] excludes "-" and upper case, so a
# URL whose host contains a hyphen would be left as http:// - verify against
# the values the gateway actually returns.
http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2
option httpchk GET /
# IP-keyed table shared through the "mypeers" section. No stick or track
# rule in this section refers to it.
stick-table type ip size 20k peers mypeers
# Health-checked every 30000 ms. The server line has no "ssl" keyword, so
# traffic from the proxy to port 8080 is cleartext HTTP; this relies on the
# network between proxy and gateway being trusted.
server cephrgwd01.cern.ch 188.184.184.100:8080 check inter 30000
# Backend "gabe": five gateways, least-connections balancing. This is also
# the fallback backend for bucket names missing from buckets.map (see the
# map() default in both frontends).
backend backend-gabe
balance leastconn
# Rewrite an http://host:port/... X-Storage-Url response header to
# https://host/..., dropping the port.
# NOTE(review): the host class [a-z0-9.] excludes "-" and upper case, so a
# URL whose host contains a hyphen (as the server names below do) would be
# left as http:// - verify against the values the gateways actually return.
http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2
option httpchk GET /
# IP-keyed table shared through the "mypeers" section. No stick or track
# rule in this section refers to it.
stick-table type ip size 20k peers mypeers
# Each server is health-checked every 30000 ms. No "ssl" keyword is set, so
# traffic from the proxy to port 8080 is cleartext HTTP; this relies on the
# network between proxy and gateways being trusted.
server cephgabe-rgw-141f8a735f.cern.ch 188.185.79.29:8080 check inter 30000
server cephgabe-rgw-54147b6197.cern.ch 188.184.86.186:8080 check inter 30000
server cephgabe-rgw-8b94da0839.cern.ch 188.185.70.64:8080 check inter 30000
server cephgabe-rgw-8f7e40e175.cern.ch 188.184.95.16:8080 check inter 30000
server cephgabe-rgw-92b67e1e4c.cern.ch 188.184.94.97:8080 check inter 30000
# Backend "gabe-atlas": five gateways, least-connections balancing.
backend backend-gabe-atlas
balance leastconn
# Rewrite an http://host:port/... X-Storage-Url response header to
# https://host/..., dropping the port.
# NOTE(review): the host class [a-z0-9.] excludes "-" and upper case, so a
# URL whose host contains a hyphen (as the server names below do) would be
# left as http:// - verify against the values the gateways actually return.
http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2
option httpchk GET /
# IP-keyed table shared through the "mypeers" section. No stick or track
# rule in this section refers to it.
stick-table type ip size 20k peers mypeers
# Each server is health-checked every 30000 ms. No "ssl" keyword is set, so
# traffic from the proxy to port 8080 is cleartext HTTP; this relies on the
# network between proxy and gateways being trusted.
server cephgabe-rgw-1b52a31689.cern.ch 188.184.83.125:8080 check inter 30000
server cephgabe-rgw-887e737c1c.cern.ch 188.184.95.79:8080 check inter 30000
server cephgabe-rgw-8ceddb4c40.cern.ch 188.185.79.228:8080 check inter 30000
server cephgabe-rgw-926f5a12a0.cern.ch 188.184.87.159:8080 check inter 30000
server cephgabe-rgw-c4737ad05a.cern.ch 188.184.81.67:8080 check inter 30000
# Statistics page, selected by the haproxy_stats ACL in both frontends
# (ports 80 and 443).
backend stats
stats enable
stats uri /haproxy_stats
# HTTP Basic credentials, stored in cleartext in this file ("yyy:xxx" looks
# like a redacted placeholder). Keep the rendered file readable only by the
# haproxy start-up user.
# NOTE(review): because the port-80 frontend also routes here, these
# credentials can be sent over unencrypted HTTP.
stats auth yyy:xxx
stats refresh 2s
# NOTE(review): "if TRUE" grants the admin actions of the stats page (such
# as changing server state) to every user who passes "stats auth". Consider
# an ACL restricting admin to specific source addresses, or dropping admin
# from the web page in favour of the local stats socket.
stats admin if TRUE
# Peer group referenced by the "stick-table ... peers mypeers" lines in the
# backends. The eleven addresses are the same hosts that appear as backend
# servers, here on port 7777.
# NOTE(review): these lines carry no TLS or authentication settings, so the
# table synchronisation traffic presumably travels in cleartext - restrict
# port 7777 to the listed hosts at the network layer.
peers mypeers
peer cephgabe-rgw-141f8a735f.cern.ch 188.185.79.29:7777
peer cephgabe-rgw-1b52a31689.cern.ch 188.184.83.125:7777
peer cephgabe-rgw-54147b6197.cern.ch 188.184.86.186:7777
peer cephgabe-rgw-887e737c1c.cern.ch 188.184.95.79:7777
peer cephgabe-rgw-8b94da0839.cern.ch 188.185.70.64:7777
peer cephgabe-rgw-8ceddb4c40.cern.ch 188.185.79.228:7777
peer cephgabe-rgw-8f7e40e175.cern.ch 188.184.95.16:7777
peer cephgabe-rgw-926f5a12a0.cern.ch 188.184.87.159:7777
peer cephgabe-rgw-92b67e1e4c.cern.ch 188.184.94.97:7777
peer cephgabe-rgw-c4737ad05a.cern.ch 188.184.81.67:7777
peer cephrgwd01.cern.ch 188.184.184.100:7777