@roylines
Last active July 4, 2022 11:19
Simple haproxy configuration for microservices. Optional ssl and prerender.io

global
    pidfile /var/run/haproxy.pid
    log 127.0.0.1 local0
    maxconn 4000
    # set default parameters to the intermediate configuration
    # tune.ssl.default-dh-param 2048
    # ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

defaults
    log global
    timeout http-request 10s # set to low value for slowloris
    timeout connect 10s
    timeout client 30s

frontend www-http-foo
    mode http
    bind :80
    # bind :443 ssl no-sslv3 crt /etc/haproxy/foo.com.pem crt /etc/haproxy/bar.com.pem
    default_backend http-app-foo

    # per source IP: reject at 50 or more concurrent connections,
    # or at 100 or more new connections within 3 seconds
    stick-table type ip size 5000k expire 30s store conn_cur,conn_rate(3s)
    tcp-request connection reject if { src_conn_cur ge 50 }
    tcp-request connection reject if { src_conn_rate ge 100 }
    tcp-request connection track-sc1 src

    # redirect www to no subdomain
    redirect prefix http://foo.com code 301 if { hdr(host) -i www.foo.com }

    # redirect http to https
    # redirect scheme https code 301 if !{ ssl_fc }

    # set up statistics
    # user:password is a placeholder; replace it before deploying.
    # While only the plain-HTTP bind on :80 is enabled, the Basic auth
    # credentials for this page cross the network unencrypted.
    stats enable
    stats hide-version
    stats uri /haproxy
    stats realm Strictly\ Private
    stats auth user:password

    option httplog
    option forwardfor
    # no unit means milliseconds; this overrides the 30s set in defaults
    timeout client 5000
    option http-server-close

    acl url-microservice-foo path_beg /api/v1/foo
    use_backend microservice-foo if url-microservice-foo

    acl url-microservice-bar path_beg /api/v1/bar
    use_backend microservice-bar if url-microservice-bar

    # prerender.io
    # acl user-agent-bot hdr_sub(User-Agent) -i baiduspider twitterbot facebookexternalhit rogerbot linkedinbot embedly showyoubot outbrain pinterest slackbot vkShare W3C_Validator
    # acl url-asset path_end js css xml less png jpg jpeg gif pdf doc txt ico rss zip mp3 rar exe wmv doc avi ppt mpg mpeg tif wav mov psd ai xls mp4 m4a swf dat dmg iso flv m4v torrent ttf woff
    # acl url-escaped-fragment url_sub _escaped_fragment_
    # use_backend prerender if user-agent-bot !url-asset
    # use_backend prerender if url-escaped-fragment !url-asset

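# backend prerender
#     mode http
#     timeout server 20s
#     "verify none" skips validation of the upstream certificate, so the
#     TLS connection to the prerender service is encrypted but not authenticated
#     server prerender service.prerender.io:443 check ssl verify none
#     http-request set-header X-Prerender-Token INSERT-PRERENDER-TOKEN-HERE
#     reqrep was removed in HAProxy 2.1; this line only parses on older versions
#     reqrep ^([^\ ]*)\ /(.*)$ \1\ /https://foo.com/\2
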
backend http-app-foo
    mode http
    timeout server 5s
    balance roundrobin
    server http-app-foo-1 54.175.222.246:80 check

backend microservice-foo
    mode http
    timeout server 5s
    balance roundrobin
    server microservice-foo-1 54.175.222.246:80 check

backend microservice-bar
    mode http
    timeout server 5s
    balance roundrobin
    server microservice-bar-1 54.175.222.246:80 check
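
Added example, not part of the original gist: one way to serve the statistics page from its own loopback-only listener with a hashed password, in place of the "stats" lines inside the public frontend. The listener name, port 8404, the userlist name, the user name and the hash placeholder are assumptions.

```haproxy
# Added example (not from the original gist). Names, port and the hash
# placeholder below are assumptions; adjust them to your environment.

userlist stats-users
    # "password" expects a crypt(3) hash, so no cleartext secret sits in
    # the config file. Generate one with e.g. `mkpasswd -m sha-512` and
    # paste it over the placeholder.
    user admin password $6$REPLACE-WITH-GENERATED-HASH

listen stats
    mode http
    # Loopback only: the page is not reachable from the public :80 bind.
    # Reach it through an SSH tunnel or a local monitoring agent.
    bind 127.0.0.1:8404
    timeout client 30s
    timeout server 30s

    stats enable
    stats hide-version
    stats uri /haproxy
    stats realm Strictly\ Private

    # Authenticate against the userlist instead of "stats auth user:password".
    acl stats-authenticated http_auth(stats-users)
    stats http-request auth unless stats-authenticated

    # No "stats admin" rule is set, so the page stays read-only.
```

With this listener in place, the five "stats" lines in frontend www-http-foo can be dropped so the page is no longer exposed on the public bind.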