Skip to content

Instantly share code, notes, and snippets.

Last active March 1, 2022 11:14
Show Gist options
  • Save kerren/5e3396de50081bc181f38a8998003943 to your computer and use it in GitHub Desktop.
Save kerren/5e3396de50081bc181f38a8998003943 to your computer and use it in GitHub Desktop.
The haproxy.cfg file on the router host
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
log global
mode http
option httplog
option dontlognull
timeout connect 10s
timeout client 60s
timeout server 60s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http_in
mode http
option httplog
bind *:80
option forwardfor
acl host_server1 hdr(host) -i
acl host_server1 hdr(host) -i
acl host_server2 hdr(host) -i
acl host_server3 hdr(host) -i
use_backend http_server1 if host_server1
use_backend http_server2 if host_server2
use_backend http_server3 if host_server3
backend http_server1
mode http
option httplog
option forwardfor
server server1 server1:80
backend http_server2
mode http
option httplog
option forwardfor
server server2 server2:80
backend http_server3
mode http
option httplog
option forwardfor
server server3 server3:80
frontend https_in
mode tcp
option tcplog
bind *:443
acl tls req.ssl_hello_type 1
tcp-request inspect-delay 5s
tcp-request content accept if tls
acl host_server1 req.ssl_sni -i
acl host_server1 req.ssl_sni -i
acl host_server2 req.ssl_sni -i
acl host_server3 req.ssl_sni -i
use_backend https_server1 if host_server1
use_backend https_server2 if host_server2
use_backend https_server3 if host_server3
backend https_server1
mode tcp
option tcplog
option ssl-hello-chk
server server1 server1:443
backend https_server2
mode tcp
option tcplog
option ssl-hello-chk
server server2 server2:443
backend https_server3
mode tcp
option tcplog
option ssl-hello-chk
server server3 server3:443
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment