Skip to content

Instantly share code, notes, and snippets.

@elyograg

elyograg/gist:597fa2427f3039ddfb15 Secret

Last active August 29, 2015 14:22
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save elyograg/597fa2427f3039ddfb15 to your computer and use it in GitHub Desktop.
Save elyograg/597fa2427f3039ddfb15 to your computer and use it in GitHub Desktop.
Download ZIP
Redacted haproxy config
Raw
gistfile1.txt
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
daemon
spread-checks 2
tune.bufsize 65536
ssl-server-verify none
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!DH:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM
ssl-default-server-ciphers RC4-MD5
defaults
log global
mode http
option forwardfor except 127.0.0.1
balance leastconn
option httplog
option dontlognull
option redispatch
option abortonclose
retries 1
timeout connect 5s
timeout client 15s
timeout server 120s
timeout http-keep-alive 5s
timeout check 9990
listen stats 0.0.0.0:8080
description The listener for the stats that you're looking at right now.
stats uri /
frontend fe-spark-80
description Front end that accepts non-ssl production spark requests.
bind xx.xxx.xxx.78:80
acl blockit hdr_sub(User-Agent) -i bittorrent
acl blockit path_beg -i /announc
acl bot hdr_cnt(User-Agent) 0
acl bot hdr_sub(User-Agent) -i baiduspider ia_archiver jeeves googlebot mediapartners-google msnbot slurp zyborg yandexnews fairshare.cc yandex bingbot crawler everyonesocialbot feed\ crawler google-http-java-client java/1.6.0_38 owlin\ bot sc\ news wikioimagesbot xenu\ link\ sleuth yahoocachesystem
acl facebook hdr_sub(User-Agent) -i facebookexternalhit
acl socialbot hdr_sub(User-Agent) -i facebookexternalhit
acl socialbot hdr_sub(User-Agent) -i twitterbot
acl socialbot hdr_sub(User-Agent) -i feedfetcher-google
http-request deny if blockit
redirect scheme https if !{ ssl_fc }
frontend fe-spark-443
description Front end that accepts ssl production spark requests.
bind xx.xxx.xxx.78:443 ssl crt /etc/ssl/certs/local/wildcard.REDACTED.com.pem crt /etc/ssl/certs/local/wildcard.stg_dev0-9.REDACTED.com.pem no-sslv3
acl bot hdr_cnt(User-Agent) 0
acl bot hdr_sub(User-Agent) -i baiduspider ia_archiver jeeves googlebot mediapartners-google msnbot slurp zyborg yandexnews fairshare.cc yandex bingbot crawler everyonesocialbot feed\ crawler google-http-java-client java/1.6.0_38 owlin\ bot sc\ news wikioimagesbot xenu\ link\ sleuth yahoocachesystem
acl facebook hdr_sub(User-Agent) -i facebookexternalhit
acl socialbot hdr_sub(User-Agent) -i facebookexternalhit
acl socialbot hdr_sub(User-Agent) -i twitterbot
acl socialbot hdr_sub(User-Agent) -i feedfetcher-google
acl blockit hdr_sub(User-Agent) -i torrent
acl blockit path_beg -i /announc
acl blockit path_beg -i /v2.0
acl blockit path_beg -i /v2.1
acl blockit path_beg -i /v2.2
acl blockit path_beg -i /fr
acl blockit path_beg -i /tr
acl blockit path_beg -i /connect
acl blockit path_beg -i /feeds
acl blockit path_beg -i /desktop
acl blockit path_beg -i /ios
acl blockit path_beg -i /ipad
acl blockit path_beg -i /magento
acl blockit path_beg -i /method
acl blockit path_beg -i /news
acl blockit path_beg -i /cipgl
acl blockit path_beg -i /stats
acl blockit path_beg -i /mobile
acl blockit path_beg -i /network_ads
acl blockit path_reg ^/\d+
http-request deny if blockit
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
use_backend be-stg-spark-1443 if { ssl_fc_sni -i spark.stg.REDACTED.com }
use_backend be-spark-dev0-443 if { ssl_fc_sni -i spark.dev0.REDACTED.com }
default_backend be-spark-3443
backend be-spark-3443
description Back end for spark.REDACTED.com site
cookie MSDSRVHA insert indirect nocache
server frontier 10.100.2.25:3443 ssl weight 100 cookie frontier track chk-liferay-3443/frontier
server fremont 10.100.2.26:3443 ssl weight 100 cookie fremont track chk-liferay-3443/fremont
server fiesta 10.100.2.29:3443 ssl weight 150 cookie fiesta track chk-liferay-3443/fiesta
backend be-spark-dev0-443
description Back end for spark.dev0.REDACTED.com site
cookie MSDSRVHA insert indirect nocache
no log
log 127.0.0.1 local0 notice err
server circus 10.100.2.90:443 ssl weight 100 cookie circus track chk-liferay-dev0-443/circus
backend be-stg-spark-1443
description Back end for liferay ssl spark.stg.REDACTED.com.
no log
log 127.0.0.1 local0 notice err
server carnival 10.100.2.103:1443 ssl track chk-liferay-stg-1443/carnival
backend chk-liferay-stg-1443
description A backend purely for doing ssl health checks to stg liferay (spark).
no log
log 127.0.0.1 local0 notice err
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.stg.REDACTED.com
server carnival 10.100.2.103:1443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
backend chk-liferay-3443
description A backend purely for doing ssl health checks to liferay (spark).
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.REDACTED.com
server frontier 10.100.2.25:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
server fremont 10.100.2.26:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
server fiesta 10.100.2.29:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
# We don't have a staging server listening on 3443.
# Config is here just in case we add one.
#backend chk-liferay-stg-3443
# description A backend purely for doing ssl health checks to liferay (REDACTED2).
# no log
# log 127.0.0.1 local0 notice err
# option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:REDACTED2.stg.REDACTED.com
# server carnival 10.100.2.103:2443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
backend chk-liferay-dev0-443
description A backend purely for doing ssl health checks to dev liferay (spark).
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.dev0.REDACTED.com
no log
log 127.0.0.1 local0 notice err
server circus 10.100.2.90:443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment