# HAProxy config for hoodie + ssl.
# Uses nginx for file serving on 127.0.0.1:5999
# This is optional, Hoodie can serve static files fine.
# Process-wide settings.
global
    # Send logs to the local syslog daemon, facility local0, at debug level.
    log 127.0.0.1 local0 debug
    # Upper bound on concurrent connections for the whole process.
    maxconn 4096
    # Run as the unprivileged haproxy user and group.
    user haproxy
    group haproxy
    # Detach and run in the background.
    daemon
    # Troubleshooting switches, disabled by default.
    #debug
    #quiet
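# Defaults inherited by every frontend and backend below.
defaults
    log global
    mode http
    # Log full HTTP request details, but skip connections that carried no data.
    option httplog
    option dontlognull
    # Allow a request to be re-dispatched to another server if its server is down.
    option redispatch
    # Close the server-side connection after each response.
    option http-server-close
    retries 3
    maxconn 2000
    # Timeouts in milliseconds. The legacy contimeout/clitimeout/srvtimeout
    # keywords are deprecated aliases of these three; the values are unchanged.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # NOTE(review): no "timeout http-request" is set, so a client may deliver
    # its request headers as slowly as "timeout client" allows. Consider adding
    # one to bound slow-header connections.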
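# TLS-terminating frontend: routes requests to the Hoodie API, the admin UIs
# (Pocket, Futon) or the static file server.
frontend https_proxy
    log global
    # TLS listener. Changes from the original cipher list and options:
    #  - the RC4 suites (ECDHE-RSA-RC4-SHA, RC4-SHA) are removed; RC4 is
    #    prohibited in TLS by RFC 7465.
    #  - no-sslv3 is added so SSLv3 handshakes are refused.
    # no-tls-tickets (already present) disables stateless session tickets.
    # NOTE(review): the trailing non-ECDHE suites (AES128-GCM-SHA256 ... AES256-SHA)
    # give no forward secrecy; drop them if no legacy client needs them.
    bind :443 ssl crt /path/to/cert.pem no-sslv3 no-tls-tickets ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA

    # Serve hoodie API
    acl api path_beg /_api
    # Pocket is separate (matched on the Host header, case-insensitive)
    acl pocket_domain hdr(host) -i pocket.example.com
    # Futon too
    acl futon_domain hdr(host) -i futon.example.com
    # NOTE(review): Pocket and Futon are admin interfaces and are reachable by
    # anyone who can reach :443; consider restricting them by source address.

    # Distinguish between secure and insecure requests
    acl secure dst_port eq 443

    # Mark all cookies as secure if sent over SSL.
    # rspirep (case-insensitive) is used instead of rsprep so that a backend
    # emitting "set-cookie:" in lower case does not slip past the rewrite.
    rspirep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
    # Add the HSTS header with a 1 year max-age
    rspadd Strict-Transport-Security:\ max-age=31536000 if secure
    # NOTE(review): rspirep/rspadd are legacy directives; newer HAProxy
    # releases express these rewrites as http-response rules.

    use_backend pocket if pocket_domain
    use_backend futon if futon_domain
    # Disabled: neither the "shared_domain" ACL nor a "shared" backend is
    # defined in this file. Define both before enabling this rule.
    #use_backend shared if shared_domain
    use_backend hoodie if api
    # comment this out if you don't have nginx
    use_backend nginx if !api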
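# Plain-HTTP listener whose only job is to send clients to HTTPS.
frontend http_to_https
    log global
    # Listen on port 80
    bind :80
    # Redirect to the same host and path over https. The original fixed
    # "redirect location https://example.com" sent every request, including
    # those for pocket.example.com and futon.example.com, to the apex root.
    redirect scheme https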
# Hoodie backend: receives requests whose path begins with /_api.
backend hoodie
    log global
    # Single local Hoodie server, health-checked.
    server hoodie1 127.0.0.1:6001 check
# Static assets from /, served by nginx.
# Comment this backend out if you don't use nginx to serve static files;
# Hoodie can serve static files, too.
backend nginx
    log global
    # Local nginx instance, health-checked.
    server nginx1 127.0.0.1:5999 check
# Pocket backend: selected by the pocket_domain Host match.
backend pocket
    log global
    # Local server on port 6002, health-checked.
    server hoodie2 127.0.0.1:6002 check
# Futon backend: selected by the futon_domain Host match.
backend futon
    log global
    # Local CouchDB server on port 6003, health-checked.
    server couchdb1 127.0.0.1:6003 check