Last active
March 6, 2023 10:02
-
-
Save toddlers/6077650 to your computer and use it in GitHub Desktop.
haproxy config with directives explained
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| log 127.0.0.1 local1 info info | |
| user haproxy | |
| group haproxy | |
| daemon | |
| #quiet | |
| #debug | |
| stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin | |
| defaults | |
| log global | |
| # Expect HTTP layer 7, rather than load-balance at layer 4 | |
| mode http | |
| # Enable http logging format to incldue more details logs | |
| option httplog | |
| # A connection on which no data has been transferred will not be logged (such as monitor probes) | |
| option dontlognull | |
| # Enable HTTP connection closing on the server side but support keep-alive with clients | |
| # (This provides the lowest latency on the client side (slow network) and the fastest session reuse on the server side) | |
| option http-server-close | |
| # option httpclose | |
| # Don't use httpclose and http-server-close, httpclose will disable keepalive on the client side | |
| # Enable the sending of TCP keepalive packets on the client side | |
| option clitcpka | |
| # Add the X-Forwarded-For header unless the request came from 127.0.0.1 (which is Pound) | |
| # If it came from Pound, it will already be present | |
| option forwardfor except 127.0.0.1 | |
| # Rather than check backend servers are up with simple TCP connect, perform layer 7 HTTP GET | |
| option httpchk GET / | |
| # If the backend health check returns 404 error, stop sending new requests to that server | |
| # but try to send persistent requests there | |
| http-check disable-on-404 | |
| # The number of retries to perform on a server after a connection failure. There is a delay of 1 second | |
| # between each retry. | |
| retries 3 | |
| maxconn 10000 | |
| clitimeout 600000 # maximum inactivity time on the client side | |
| srvtimeout 600000 # maximum inactivity time on the server side | |
| timeout connect 8000 # maximum time to wait for a connection attempt to a server to succeed | |
| timeout client 30000 | |
| timeout server 10000 | |
| # HTTPS terminated connections incoming from Pound listening on public-ip:443 | |
| listen https-servers 127.0.0.1:80 | |
| balance roundrobin | |
| stick store-request src | |
| stick-table type ip size 100k expire 30m | |
| cookie backends insert | |
| option persist # Keep retrying dead server in case it's just having a little flap | |
| option redispatch # Fail over to another server if it really is dead | |
| # Active back end servers | |
| server backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3 | |
| server backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3 | |
| # log the name of the virtual server | |
| capture request header Host len 20 | |
| # log the amount of data uploaded during a POST | |
| capture request header Content-Length len 10 | |
| # log the beginning of the referrer | |
| capture request header Referer len 20 | |
| # caputre the original source IP when terminted by Pound proxy | |
| capture request header X-Forwarded-For len 60 | |
| # server name (useful for outgoing proxies only) | |
| capture response header Server len 40 | |
| # logging the content-length is useful with "option logasap" | |
| capture response header Content-Length len 10 | |
| # log the expected cache behaviour on the response | |
| capture response header Cache-Control len 8 | |
| # the Via header will report the next proxy's name | |
| capture response header Via len 20 | |
| # log the URL location during a redirection | |
| capture response header Location len 20 | |
| # Example with frontend and backend | |
| # Listening directly on public IP for incoming plain HTTP requests | |
| frontend listen-http-servers | |
| 192.0.2.20:80 | |
| acl backend_down nbsrv(http-iis-servers) lt 2 # HAProxy can see lee than 2 backend servers | |
| monitor-net 172.22.0.222/32 # Always get s HTTP 200 to verify HAproxy is runing | |
| monitor-uri /monitorpath | |
| monitor fail if backend_down # Anyone else gets 200 or 503 based on ACL backend_down | |
| default_backend http-iis-servers | |
| # log the name of the virtual server | |
| capture request header Host len 20 | |
| # log the amount of data uploaded during a POST | |
| capture request header Content-Length len 10 | |
| # log the beginning of the referrer | |
| capture request header Referer len 20 | |
| # caputre the original source IP when terminted by Pound proxy | |
| capture request header X-Forwarded-For len 60 | |
| # server name (useful for outgoing proxies only) | |
| capture response header Server len 40 | |
| # logging the content-length is useful with "option logasap" | |
| capture response header Content-Length len 10 | |
| # log the expected cache behaviour on the response | |
| capture response header Cache-Control len 8 | |
| # the Via header will report the next proxy's name | |
| capture response header Via len 20 | |
| # log the URL location during a redirection | |
| capture response header Location len 20 | |
| backend http-servers | |
| #balance source | |
| balance roundrobin | |
| stick store-request src | |
| stick-table type ip size 100k expire 30m | |
| cookie backends insert | |
| option persist | |
| option redispatch | |
| # Active back end servers | |
| server backend1 192.168.0.1:80 cookie backends1 check inter 3000 rise 3 fall 3 | |
| server backend2 192.168.0.2:80 cookie backends2 check inter 3000 rise 3 fall 3 | |
| listen stats :1936 | |
| mode http | |
| stats enable | |
| stats hide-version | |
| stats realm Haproxy\ Statistics | |
| stats uri / | |
| stats auth hastats:supersecretpassword |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
good