Last active
July 30, 2024 09:17
-
-
Save febri4n/1ba2468b69afa1427c84c9e97238698d to your computer and use it in GitHub Desktop.
README! ingress with cert-manager & haproxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SETUP HAPROXY SEBAGAI INGRESS-NGINX HARUS MENGGUNAKAN MODE TCP. | |
global | |
log /dev/log local0 | |
log /dev/log local1 notice | |
chroot /var/lib/haproxy | |
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners | |
stats timeout 30s | |
user haproxy | |
group haproxy | |
daemon | |
# Default SSL material locations | |
ca-base /etc/ssl/certs | |
crt-base /etc/ssl/private | |
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate | |
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets | |
defaults | |
log global | |
mode http <----------------------------------------- HAPUS DEFAULT MODE HTTP NYA, ATAU GANTI TCP | |
option httplog <-------------------------------------- INI JUGA DI HAPUS ATAU GANTI TCP | |
option dontlognull | |
timeout connect 5000 | |
timeout client 50000 | |
timeout server 50000 | |
errorfile 400 /etc/haproxy/errors/400.http | |
errorfile 403 /etc/haproxy/errors/403.http | |
errorfile 408 /etc/haproxy/errors/408.http | |
errorfile 500 /etc/haproxy/errors/500.http | |
errorfile 502 /etc/haproxy/errors/502.http | |
errorfile 503 /etc/haproxy/errors/503.http | |
errorfile 504 /etc/haproxy/errors/504.http | |
frontend http_front | |
bind *:80 | |
mode tcp <----------------------------------------- GUNAKAN MODE TCP | |
default_backend http_back | |
frontend https_front | |
bind *:443 | |
mode tcp <----------------------------------------- GUNAKAN MODE TCP | |
default_backend https_back | |
backend http_back | |
balance roundrobin | |
server worker-node-1 192.168.1.11:30707 check <------ PERHATIKAN INI, GUNAKAN IP NODE DAN JUGA PORT SERVICE INGRESS-NGINX-CONTROLLER | |
server worker-node-2 192.168.1.12:30707 check | |
server worker-node-3 192.168.1.13:30707 check | |
backend https_back | |
balance roundrobin | |
server worker-node-1 192.168.1.11:30833 check <------ PERHATIKAN INI, GUNAKAN IP NODE DAN JUGA PORT SERVICE INGRESS-NGINX-CONTROLLER | |
server worker-node-2 192.168.1.12:30833 check | |
server worker-node-3 192.168.1.13:30833 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment