Created
May 4, 2018 14:17
-
-
Save mbentley/2c3854c2cbdf43f7ad376d7ca242d702 to your computer and use it in GitHub Desktop.
Example HAProxy Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| log /dev/log local0 | |
| log /dev/log local1 notice | |
| defaults | |
| log global | |
| mode tcp | |
| option tcplog | |
| option dontlognull | |
| timeout connect 5s | |
| timeout client 50s | |
| timeout client-fin 50s | |
| timeout server 50s | |
| timeout tunnel 1h | |
| default-server inter 15s fastinter 5s downinter 5s rise 2 fall 2 | |
| ### frontends | |
| frontend http | |
| bind 0.0.0.0:80 | |
| mode http | |
| # redirects from http to https | |
| redirect scheme https code 302 if { hdr(Host) -i ucp.example.com } !{ ssl_fc } | |
| redirect scheme https code 302 if { hdr(Host) -i dtr.example.com } !{ ssl_fc } | |
| # <insert your app configs here> | |
| use_backend app_http if { hdr(host) -i app.example.com } | |
| # set default backend | |
| default_backend app_http | |
| frontend https | |
| option tcplog | |
| bind 0.0.0.0:443 | |
| tcp-request inspect-delay 5s | |
| tcp-request content accept if { req_ssl_hello_type 1 } | |
| ## figure out which backend to use | |
| use_backend ucp_https if { req.ssl_sni -i ucp.example.com } | |
| use_backend dtr_https if { req.ssl_sni -i dtr.example.com } | |
| # <insert your app configs here> | |
| use_backend app_https if { req.ssl_sni -i app.example.com } | |
| # set default backend | |
| default_backend app_https | |
| frontend https_6443 | |
| option tcplog | |
| bind 0.0.0.0:6443 | |
| tcp-request inspect-delay 5s | |
| tcp-request content accept if { req_ssl_hello_type 1 } | |
| ## figure out which backend to use | |
| use_backend ucp_kube_https if { req.ssl_sni -i ucp.example.com } | |
| default_backend ucp_kube_https | |
| ### backends | |
| backend ucp_https | |
| mode tcp | |
| option httpchk GET /_ping HTTP/1.1\r\nHost:\ ucp.example.com | |
| server node01:443 10.0.0.1:443 weight 100 check check-ssl verify none | |
| server node02:443 10.0.0.2:443 weight 100 check check-ssl verify none | |
| server node03:443 10.0.0.3:443 weight 100 check check-ssl verify none | |
| backend ucp_kube_https | |
| mode tcp | |
| #option httpchk GET /_ping HTTP/1.1\r\nHost:\ ucp.example.com | |
| server node01:6443 10.0.0.1:6443 weight 100 check check-ssl verify none | |
| server node02:6443 10.0.0.2:6443 weight 100 check check-ssl verify none | |
| server node03:6443 10.0.0.3:6443 weight 100 check check-ssl verify none | |
| backend dtr_https | |
| mode tcp | |
| option httpchk GET /health HTTP/1.1\r\nHost:\ dtr.example.com | |
| server node04:443 10.0.0.4:443 weight 100 check check-ssl verify none | |
| backend app_http | |
| mode http | |
| option tcp-check | |
| server node05:8080 10.0.0.5:8080 weight 100 check | |
| backend app_https | |
| mode tcp | |
| option tcp-check | |
| server node05:8443 10.0.0.5:8443 weight 100 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment