# HAProxy config for hoodie + ssl.
# Uses nginx for file serving on 127.0.0.1:5999
# This is optional, Hoodie can serve static files fine.
# Process-wide settings: log target, connection ceiling and privilege drop.
global
    # Log to the syslog daemon on localhost, facility local0, with "debug" as
    # the maximum level, so no message is filtered out by severity.
    log 127.0.0.1 local0 debug
    # Upper bound on concurrent connections for the whole process.
    maxconn 4096
    # Run as the unprivileged haproxy user/group once the listeners are set up.
    user haproxy
    group haproxy
    # Detach and run in the background.
    daemon
    # NOTE(review): no chroot is configured; adding one would confine the
    # unprivileged process to an empty directory as well.
    #debug
    #quiet
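# Settings inherited by every frontend and backend in this file.
defaults
    log global
    mode http
    # Log in HTTP format and skip connections that never sent any data
    # (for example bare port probes).
    option httplog
    option dontlognull
    # Allow a request to be re-sent to another server when its original
    # target is down, and close the server-side connection after each response.
    option redispatch
    option http-server-close
    retries 3
    maxconn 2000
    # Timeouts in milliseconds. These replace the deprecated contimeout /
    # clitimeout / srvtimeout keywords with the same values; recent HAProxy
    # releases no longer accept the old spellings.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # NOTE(review): there is no "timeout http-request", so a client that
    # trickles its request headers is only cut off by the 50 s client timeout.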
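# TLS-terminating frontend: decrypts on :443 and routes by path and Host header.
frontend https_proxy
    log global
    # "crt" points at a PEM file holding the certificate chain and the private
    # key; keep it readable by root only (it is loaded before privileges drop).
    # Changes from the original bind line:
    #   - no-sslv3 added so SSLv3 is never negotiated;
    #   - ECDHE-RSA-RC4-SHA and RC4-SHA removed, since RC4 is no longer
    #     considered safe for TLS.
    # The remaining suites are the original ones in the original order
    # (ECDHE first for forward secrecy, plain-RSA AES as fallback).
    bind :443 ssl crt /path/to/cert.pem no-sslv3 no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA

    # Serve hoodie API
    acl api path_beg /_api
    # Pocket is separate
    acl pocket_domain hdr(host) -i pocket.example.com
    # Futon too
    acl futon_domain hdr(host) -i futon.example.com
    # NOTE(review): pocket and futon are administrative interfaces, and the
    # Host header is the only gate in front of them. Consider also requiring a
    # trusted source range, e.g. "acl admin_net src <ADMIN_CIDR>" (placeholder)
    # combined with the two use_backend rules below.

    # Distinguish between secure and insecure requests.
    # This frontend only binds :443, so the ACL matches every request here.
    acl secure dst_port eq 443
    # Mark all cookies as secure if sent over SSL
    rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
    # Add the HSTS header with a 1 year max-age
    rspadd Strict-Transport-Security:\ max-age=31536000 if secure
    # NOTE(review): rsprep/rspadd are the legacy header-rewrite directives;
    # newer HAProxy versions expect http-response rules instead.

    use_backend pocket if pocket_domain
    use_backend futon if futon_domain
    # Disabled: this file defines neither the ACL "shared_domain" nor a backend
    # "shared", so the rule cannot be resolved when the config is loaded.
    # Define both before re-enabling it.
    # use_backend shared if shared_domain
    use_backend hoodie if api
    # Comment this out if you don't have nginx
    use_backend nginx if !api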
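# Plain-HTTP listener whose only job is to send clients to HTTPS.
frontend http_to_https
    log global
    bind :80
    # Redirect to the same host and path over https. The original
    # "redirect location https://example.com" sent every request, including
    # those for pocket.example.com and futon.example.com, to the root of
    # example.com and dropped the requested path.
    redirect scheme https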
# Receives the requests whose path begins with /_api (see the "api" ACL).
backend hoodie # hoodie backend from /_api
    log global
    # Loopback-only upstream on port 6001; "check" enables health checks.
    server hoodie1 127.0.0.1:6001 check
# Comment this backend out if you don't use nginx to serve static files.
# Hoodie can serve static files, too.
backend nginx # static assets from /
    log global
    # Loopback-only upstream on port 5999; "check" enables health checks.
    server nginx1 127.0.0.1:5999 check
# Selected when the Host header is pocket.example.com.
# NOTE(review): Pocket is an admin interface and nothing here limits who may
# reach it; confirm that it enforces its own authentication.
backend pocket
    log global
    # Loopback-only upstream on port 6002; "check" enables health checks.
    server hoodie2 127.0.0.1:6002 check
# Selected when the Host header is futon.example.com; forwards to CouchDB.
# NOTE(review): this publishes the CouchDB web interface through the proxy.
# Verify that CouchDB requires admin credentials (no "admin party") before
# exposing it.
backend futon
    log global
    # Loopback-only upstream on port 6003; "check" enables health checks.
    server couchdb1 127.0.0.1:6003 check