Skip to content

Instantly share code, notes, and snippets.

@sacreman
Created January 4, 2013 15:32
Show Gist options
  • Save sacreman/4453493 to your computer and use it in GitHub Desktop.
Save sacreman/4453493 to your computer and use it in GitHub Desktop.
haproxy config
global
log 127.0.0.1 local2 info
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin
#debug
defaults
mode http
log global
option httplog
option dontlognull
option forwardfor
option http-server-close
option redispatch
timeout http-request 10s
timeout queue 1m
timeout connect 5s
timeout client 2m
timeout server 2m
timeout http-keep-alive 10s
timeout check 5s
retries 3
compression algo gzip
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint
errorfile 400 /var/www/html/errors/400.http
errorfile 403 /var/www/html/errors/403.http
errorfile 408 /var/www/html/errors/408.http
errorfile 500 /var/www/html/errors/500.http
errorfile 502 /var/www/html/errors/502.http
errorfile 503 /var/www/html/errors/503.http
errorfile 504 /var/www/html/errors/504.http
# Front end for http to https redirect
frontend http
bind *:80
redirect location https://envmy.company.com/share
# Main front end
frontend https
bind *:443 ssl crt /etc/haproxy/company.com.pem
# ACL for backend mapping based on host header
acl is_my hdr_end(host) -i envmy.company.com
acl is_api hdr_end(host) -i envapi.company.com
acl is_a hdr_end(host) -i enva.company.com
acl is_webdav hdr_end(host) -i envwebdav.company.com
acl is_sp hdr_end(host) -i envsp.company.com
# ACL for backend mapping based on url paths
acl is_l7auth path_reg ^/auth/oauth/versions/2/.*
acl robots path_reg ^/robots.txt$
acl app_path path_reg ^/app/.*
acl share_path path_reg ^/share/.*/proxy/app/api/solr/.*
acl share_redirect path_reg ^$|^/$
# Changes to header responses
rspirep ^Location:\s*http://.*?\.company.com(/.*)$ Location:\ \1
rspirep ^Location:(.*\?\w+=)http(%3a%2f%2f.*?\.company.com%2f.*)$ Location:\ \1https\2
rspadd Strict-Transport-Security:\ max-age=15768000
# Blocked paths
block if app_path is_my
# Redirects
redirect location /share if share_redirect is_my
# List of backends
use_backend S3 if robots
use_backend layer7 if is_l7auth
use_backend share if is_my
use_backend api if is_api
use_backend api if is_a
use_backend webdav if is_webdav
use_backend sharepoint if is_sp
default_backend share
backend share
# Enable the cool stats page only on share backend
stats enable
stats hide-version
stats auth admin:*********
stats uri /monitor
stats refresh 5s
option httpchk GET /share
server tomcat1 envappn1.app.pri:8080 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:8080 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:8080 cookie share3 check inter 5000
appsession JSESSIONID len 52 timeout 3h
backend api
balance source
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/publicapi/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000
backend webdav
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/webdav/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000
backend sharepoint
server tomcat1 envappn1.app.pri:7070 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:7070 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:7070 cookie share3 check inter 5000
appsession VTISESSIONID len 52 timeout 3h
backend layer7
server qa-layer7.app.pri qa-layer7.app.pri:8443 check inter 5000 ssl
backend S3
reqirep ^Host: Host:\ s3.amazonaws.com
reqrep ^([^\ ]*)\ /(.*) \1\ /app-static/\2
server CDN s3.amazonaws.com:80 check inter 5000
reqidel ^Authorization:.*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment