haproxy example
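# Compose definition for the HAProxy edge container.
# It publishes 80/443 on the host and mounts ./haproxy.cfg and ./certs.
version: '3'

services:
  haproxy:
    # NOTE(review): `alpine` is a floating tag, so each pull can bring in a
    # different HAProxy release. Pin a reviewed tag or digest,
    # e.g. haproxy:<VERSION>-alpine (placeholder).
    image: haproxy:alpine
    restart: 'unless-stopped'
    logging:
      driver: 'json-file'
      options:
        # One 100k file is very little history for an internet-facing proxy.
        # Raise these, or ship logs elsewhere, if the output is needed for
        # incident review.
        max-size: 100k
        max-file: '1'
    networks:
      bridge-frontend:
    ports:
      # Quoted so YAML never reinterprets HOST:CONTAINER pairs as numbers.
      - "80:80"
      - "443:443"
    volumes:
      # Read-only: the proxy only reads its config and the PEM bundle (which
      # holds the private key), so the container should not be able to modify
      # either on the host.
      - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
      - ./certs:/usr/local/etc/haproxy/certs:ro

networks:
  # docker network create bridge-frontend
  bridge-frontend:
    external: true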
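# haproxy.cfg -- process-wide settings.
global
    maxconn 4096

    # NOTE(review): no `log` target is declared in this file, so HAProxy emits
    # no connection or request records. Add one here (and reference it from
    # `defaults`) if the proxy's traffic needs to be auditable.

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    #
    # BLAHBLAH is a placeholder: substitute the cipher string from the article
    # above (or your own reviewed list) before deploying.
    #
    # no-sslv3 alone still lets clients negotiate TLS 1.0 and 1.1, so those
    # are disabled as well.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-bind-ciphers BLAHBLAH
    # The server-side defaults only take effect on `server` lines that use
    # `ssl`; they are kept in step with the bind side.
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11
    ssl-default-server-ciphers BLAHBLAH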
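# Settings inherited by every frontend and backend below.
defaults
    mode http

    # Bare numbers are milliseconds: 5 s to connect to a backend, 50 s of
    # inactivity allowed on either side of an established exchange.
    timeout connect 5000
    timeout client 50000
    timeout server 50000

    # Cap the time a client may take to deliver a complete set of request
    # headers. Without it, a client that trickles header bytes is limited
    # only by the much longer client inactivity timeout and can hold
    # connection slots (maxconn is 4096) for a long time.
    timeout http-request 10s

#resolvers docker
#    nameserver dnsmasq 127.0.0.11:53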
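# Public entry point: accepts HTTP and HTTPS, forces HTTPS, then routes on the
# Host header to one of the contact backends.
frontend http_fe
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/my_cert.pem

    # UPGRADE TO HTTPS
    # Plain-HTTP requests are answered with a 301 and never reach a backend.
    redirect scheme https code 301 if !{ ssl_fc }
    # Optional hardening once every host served here is HTTPS-only:
    # http-response set-header Strict-Transport-Security "max-age=<SECONDS>"

    # Optionally
    errorfile 400 /usr/local/etc/haproxy/errors/400.http
    errorfile 403 /usr/local/etc/haproxy/errors/403.http
    errorfile 408 /usr/local/etc/haproxy/errors/408.http
    errorfile 500 /usr/local/etc/haproxy/errors/500.http
    errorfile 502 /usr/local/etc/haproxy/errors/502.http
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
    errorfile 504 /usr/local/etc/haproxy/errors/504.http

    # Default headers
    # set-header (not add-header) discards any X-Forwarded-* value supplied by
    # the client, so backends see only what this proxy observed. add-header
    # would append after the client's copy, and an application that reads the
    # first value would then trust attacker-chosen data.
    # `option forwardfor` is dropped for the same reason: it appends without
    # removing the client's header, and it would duplicate the line below.
    # This assumes HAProxy is the first hop, as the compose file publishes
    # 80/443 directly. Behind another trusted proxy, keep that proxy's value.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port 443
    http-request set-header X-Forwarded-For %[src]

    # Rules
    # Host names are case-insensitive, hence -i. Otherwise a request for
    # "Contact.…" would fall through to the default backend.
    acl is_contact_alpha hdr_beg(host) -i alpha.contact.
    acl is_contact_beta hdr_beg(host) -i beta.contact.
    acl is_contact_prod hdr_beg(host) -i contact.

    use_backend contact_alpha if is_contact_alpha
    use_backend contact_beta if is_contact_beta
    use_backend contact if is_contact_prod

    # default
    default_backend default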
# One backend per environment. Each is a single health-checked server
# published on the Docker host.
# NOTE(review): these hops are plain HTTP. If the services rely on the
# X-Forwarded-* headers added by the frontend, ports 5001-5003 should
# presumably be reachable only from this proxy -- confirm host firewalling.

backend contact_alpha
    server s_1 host.docker.internal:5001 check

backend contact_beta
    server s_1 host.docker.internal:5002 check

backend contact
    server s_1 host.docker.internal:5003 check

# Catch-all for Host values that match none of the ACLs.
backend default
    # Create your own error
    # NOTE(review): there is no `server` line here, so HAProxy has nothing to
    # forward to. Which status it returns, and whether this 404 page is ever
    # served, depends on the HAProxy version -- verify. 404.http must also be
    # supplied: the volumes shown mount only haproxy.cfg and certs.
    errorfile 404 /usr/local/etc/haproxy/errors/404.http