zhooravell/haproxy.cfg

## haproxy.cfg
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

listen stats
    bind 0.0.0.0:8080
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth rmqstat:Uunj3nqnair7bF3m

frontend rmq
    bind        127.0.0.1:5672
    mode        tcp
    maxconn     10000
    option      tcpka
    option      tcplog
    default_backend  rmq

backend rmq
    balance     leastconn
    mode        tcp
    fullconn    10000
    option tcp-check
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server      rmq01 ip-address-2:5672 check
    server      rmq03 ip-address-2:5672 check
    server      rmq05 ip-address-2:5672 check
	global
	log /dev/log local0
	log /dev/log local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL). This list is from:
	# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
	# An alternative list with additional directives can be obtained from
	# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3

	defaults
	mode http
	timeout connect 5000ms
	timeout client 50000ms
	timeout server 50000ms

	listen stats
	bind 0.0.0.0:8080
	mode http
	stats enable
	stats hide-version
	stats realm Haproxy\ Statistics
	stats uri /
	stats auth rmqstat:Uunj3nqnair7bF3m

	frontend rmq
	bind 127.0.0.1:5672
	mode tcp
	maxconn 10000
	option tcpka
	option tcplog
	default_backend rmq

	backend rmq
	balance leastconn
	mode tcp
	fullconn 10000
	option tcp-check
	default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
	server rmq01 ip-address-2:5672 check
	server rmq03 ip-address-2:5672 check
	server rmq05 ip-address-2:5672 check