Created
October 28, 2019 19:09
-
-
Save jacoelho/82b1f547de6abcfa1cf5d66bf842eb2a to your computer and use it in GitHub Desktop.
ha proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| # https://www.haproxy.com/blog/multithreading-in-haproxy/ | |
| # https://thisinterestsme.com/speeding-up-haproxy-ssl-with-multiple-cpu-processes/ | |
| nbproc 1 | |
| nbthread 4 | |
| cpu-map auto:1/1-4 0-3 | |
| maxconn 1000 | |
| # SSL configurations | |
| ssl-default-bind-options ssl-min-ver TLSv1.2 | |
| # more expensive | |
| # ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.ssl.default-dh-param | |
| tune.ssl.default-dh-param 2048 | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.ssl.maxrecord | |
| tune.ssl.maxrecord 1419 | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.ssl.cachesize | |
| tune.ssl.cachesize 100000 | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.ssl.lifetime | |
| tune.ssl.lifetime 600 | |
| defaults | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-option%20httplog | |
| option httplog | |
| # https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-option%20http-keep-alive | |
| option http-keep-alive | |
| # multiple timeouts | |
| timeout http-request 10s | |
| timeout queue 1m | |
| timeout connect 5s | |
| timeout client 1m | |
| timeout server 1m | |
| timeout http-keep-alive 10s | |
| timeout check 10s | |
| # https://www.suse.com/c/speeding-ssl-need-know-haproxy/ | |
| # set in the correct backend | |
| bind-process 1-4 | |
| # check with ss -tplen | grep haproxy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment