Created
October 28, 2017 18:46
-
-
Save toddlers/903b1938f4d4934745163beb6e61888d to your computer and use it in GitHub Desktop.
Haproxy config file for SSL and basic authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
userlist logsusers | |
user username insecure-password passowrd | |
frontend https_external | |
acl search_logsusers http_auth(logsusers) | |
bind 0.0.0.0:443 ssl crt net.pem npn http/1.1 no-sslv3 no-tls-tickets | |
http-request auth unless search_logsusers | |
reqadd X-Forwarded-Proto:\ https | |
reqadd X-Forwarded-Proto:\ https if { ssl_fc } | |
option forwardfor | |
http-request add-header X-Forwarded-Host %[req.hdr(host)] | |
http-request add-header X-Forwarded-Server %[req.hdr(host)] | |
http-request add-header X-Forwarded-Port %[dst_port] | |
acl is_kibana hdr_dom(host) -i -m str logs.example.net | |
use_backend kibana if is_kibana | |
backend kibana | |
description The Graylog Web backend. | |
mode http | |
timeout server 600s | |
redirect scheme https if !{ ssl_fc } | |
http-request set-header X-Graylog-Server-URL https://logs.example.net/api | |
server kibana localhost:5601 maxconn 20 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment