-
-
Save elyograg/597fa2427f3039ddfb15 to your computer and use it in GitHub Desktop.
Redacted haproxy config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global | |
log 127.0.0.1 local0 | |
log 127.0.0.1 local1 notice | |
maxconn 4096 | |
daemon | |
spread-checks 2 | |
tune.bufsize 65536 | |
ssl-server-verify none | |
tune.ssl.default-dh-param 2048 | |
ssl-default-bind-ciphers ALL:!DH:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM | |
ssl-default-server-ciphers RC4-MD5 | |
defaults | |
log global | |
mode http | |
option forwardfor except 127.0.0.1 | |
balance leastconn | |
option httplog | |
option dontlognull | |
option redispatch | |
option abortonclose | |
retries 1 | |
timeout connect 5s | |
timeout client 15s | |
timeout server 120s | |
timeout http-keep-alive 5s | |
timeout check 9990 | |
listen stats 0.0.0.0:8080 | |
description The listener for the stats that you're looking at right now. | |
stats uri / | |
frontend fe-spark-80 | |
description Front end that accepts non-ssl production spark requests. | |
bind xx.xxx.xxx.78:80 | |
acl blockit hdr_sub(User-Agent) -i bittorrent | |
acl blockit path_beg -i /announc | |
acl bot hdr_cnt(User-Agent) 0 | |
acl bot hdr_sub(User-Agent) -i baiduspider ia_archiver jeeves googlebot mediapartners-google msnbot slurp zyborg yandexnews fairshare.cc yandex bingbot crawler everyonesocialbot feed\ crawler google-http-java-client java/1.6.0_38 owlin\ bot sc\ news wikioimagesbot xenu\ link\ sleuth yahoocachesystem | |
acl facebook hdr_sub(User-Agent) -i facebookexternalhit | |
acl socialbot hdr_sub(User-Agent) -i facebookexternalhit | |
acl socialbot hdr_sub(User-Agent) -i twitterbot | |
acl socialbot hdr_sub(User-Agent) -i feedfetcher-google | |
http-request deny if blockit | |
redirect scheme https if !{ ssl_fc } | |
frontend fe-spark-443 | |
description Front end that accepts ssl production spark requests. | |
bind xx.xxx.xxx.78:443 ssl crt /etc/ssl/certs/local/wildcard.REDACTED.com.pem crt /etc/ssl/certs/local/wildcard.stg_dev0-9.REDACTED.com.pem no-sslv3 | |
acl bot hdr_cnt(User-Agent) 0 | |
acl bot hdr_sub(User-Agent) -i baiduspider ia_archiver jeeves googlebot mediapartners-google msnbot slurp zyborg yandexnews fairshare.cc yandex bingbot crawler everyonesocialbot feed\ crawler google-http-java-client java/1.6.0_38 owlin\ bot sc\ news wikioimagesbot xenu\ link\ sleuth yahoocachesystem | |
acl facebook hdr_sub(User-Agent) -i facebookexternalhit | |
acl socialbot hdr_sub(User-Agent) -i facebookexternalhit | |
acl socialbot hdr_sub(User-Agent) -i twitterbot | |
acl socialbot hdr_sub(User-Agent) -i feedfetcher-google | |
acl blockit hdr_sub(User-Agent) -i torrent | |
acl blockit path_beg -i /announc | |
acl blockit path_beg -i /v2.0 | |
acl blockit path_beg -i /v2.1 | |
acl blockit path_beg -i /v2.2 | |
acl blockit path_beg -i /fr | |
acl blockit path_beg -i /tr | |
acl blockit path_beg -i /connect | |
acl blockit path_beg -i /feeds | |
acl blockit path_beg -i /desktop | |
acl blockit path_beg -i /ios | |
acl blockit path_beg -i /ipad | |
acl blockit path_beg -i /magento | |
acl blockit path_beg -i /method | |
acl blockit path_beg -i /news | |
acl blockit path_beg -i /cipgl | |
acl blockit path_beg -i /stats | |
acl blockit path_beg -i /mobile | |
acl blockit path_beg -i /network_ads | |
acl blockit path_reg ^/\d+ | |
http-request deny if blockit | |
reqadd X-Forwarded-Proto:\ https if { ssl_fc } | |
use_backend be-stg-spark-1443 if { ssl_fc_sni -i spark.stg.REDACTED.com } | |
use_backend be-spark-dev0-443 if { ssl_fc_sni -i spark.dev0.REDACTED.com } | |
default_backend be-spark-3443 | |
backend be-spark-3443 | |
description Back end for spark.REDACTED.com site | |
cookie MSDSRVHA insert indirect nocache | |
server frontier 10.100.2.25:3443 ssl weight 100 cookie frontier track chk-liferay-3443/frontier | |
server fremont 10.100.2.26:3443 ssl weight 100 cookie fremont track chk-liferay-3443/fremont | |
server fiesta 10.100.2.29:3443 ssl weight 150 cookie fiesta track chk-liferay-3443/fiesta | |
backend be-spark-dev0-443 | |
description Back end for spark.dev0.REDACTED.com site | |
cookie MSDSRVHA insert indirect nocache | |
no log | |
log 127.0.0.1 local0 notice err | |
server circus 10.100.2.90:443 ssl weight 100 cookie circus track chk-liferay-dev0-443/circus | |
backend be-stg-spark-1443 | |
description Back end for liferay ssl spark.stg.REDACTED.com. | |
no log | |
log 127.0.0.1 local0 notice err | |
server carnival 10.100.2.103:1443 ssl track chk-liferay-stg-1443/carnival | |
backend chk-liferay-stg-1443 | |
description A backend purely for doing ssl health checks to stg liferay (spark). | |
no log | |
log 127.0.0.1 local0 notice err | |
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.stg.REDACTED.com | |
server carnival 10.100.2.103:1443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 | |
backend chk-liferay-3443 | |
description A backend purely for doing ssl health checks to liferay (spark). | |
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.REDACTED.com | |
server frontier 10.100.2.25:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 | |
server fremont 10.100.2.26:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 | |
server fiesta 10.100.2.29:3443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 | |
# We don't have a staging server listening on 3443. | |
# Config is here just in case we add one. | |
#backend chk-liferay-stg-3443 | |
# description A backend purely for doing ssl health checks to liferay (REDACTED2). | |
# no log | |
# log 127.0.0.1 local0 notice err | |
# option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:REDACTED2.stg.REDACTED.com | |
# server carnival 10.100.2.103:2443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 | |
backend chk-liferay-dev0-443 | |
description A backend purely for doing ssl health checks to dev liferay (spark). | |
option httpchk GET /html/js/barebone.jsp?minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US HTTP/1.1\r\nHost:spark.dev0.REDACTED.com | |
no log | |
log 127.0.0.1 local0 notice err | |
server circus 10.100.2.90:443 ssl check inter 10s fastinter 3s rise 3 fall 2 weight 100 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment