Difference between revisions of "HAProxy Cluster Setup Example"
From Brian Nelson Ramblings
(Created page with " [root@us ~]# cat /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats timeout 30s user haproxy group...") |
|||
| Line 1: | Line 1: | ||
[root@us ~]# cat /etc/haproxy/haproxy.cfg | [root@us ~]# cat /etc/haproxy/haproxy.cfg | ||
| − | global | + | global |
| − | + | log /dev/log local0 | |
| − | + | log /dev/log local1 notice | |
| − | + | chroot /var/lib/haproxy | |
| − | + | stats timeout 30s | |
| − | + | user haproxy | |
| − | + | group haproxy | |
| − | + | daemon | |
| − | + | ||
| − | + | ||
| − | + | defaults | |
| − | + | log global | |
| − | + | mode http | |
| − | + | option httplog | |
| − | + | option dontlognull | |
| − | + | option forwardfor | |
| − | + | ||
| − | + | timeout connect 5000 | |
| − | defaults | + | timeout client 50000 |
| − | + | timeout server 50000 | |
| − | + | ||
| − | + | frontend http_front | |
| − | + | bind *:80 | |
| − | + | stats uri /haproxy?stats | |
| − | + | # default_backend http_back | |
| − | + | # redirect all to https | |
| − | + | redirect scheme https if !{ ssl_fc } | |
| − | + | ||
| − | + | frontend https_front | |
| − | frontend http_front | + | bind *:443 ssl crt /etc/haproxy/ssl/dev.briansnelson.com.pem |
| − | + | # reqadd X-Forwarded-Proto:\ https | |
| − | + | mode http | |
| − | # default_backend http_back | + | acl https ssl_fc |
| − | + | ||
| − | + | ||
| − | + | ||
| − | frontend https_front | + | |
| − | + | ||
| − | # reqadd X-Forwarded-Proto:\ https | + | |
| − | + | ||
| − | + | ||
| − | + | ||
# Add the X-Forwarded-Proto header if we're on https | # Add the X-Forwarded-Proto header if we're on https | ||
http-request add-header X-Forwarded-Proto https if https | http-request add-header X-Forwarded-Proto https if https | ||
http-request set-header Ssl-Offloaded 1 if https | http-request set-header Ssl-Offloaded 1 if https | ||
http-request set-header X-Forwarded-Port %[dst_port] | http-request set-header X-Forwarded-Port %[dst_port] | ||
| − | + | ||
default_backend https_back | default_backend https_back | ||
| − | + | ||
| − | backend http_back | + | backend http_back |
| − | + | mode http | |
| − | + | balance roundrobin | |
| − | # server web01 108.61.205.235:80 check ssl verify none | + | # server web01 108.61.205.235:80 check ssl verify none |
| − | # server web02 108.61.205.235:80 check ssl verify none | + | # server web02 108.61.205.235:80 check ssl verify none |
| − | + | ||
| − | backend https_back | + | backend https_back |
| − | + | mode http | |
| − | + | balance leastconn | |
| − | + | server web01 127.0.0.1:6081 check ssl verify none | |
| − | + | server web02 108.61.205.235:443 check ssl verify none backup | |
Revision as of 03:50, 28 June 2019
[root@us ~]# cat /etc/haproxy/haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http_front
bind *:80
stats uri /haproxy?stats
# default_backend http_back
# redirect all to https
redirect scheme https if !{ ssl_fc }
frontend https_front
bind *:443 ssl crt /etc/haproxy/ssl/dev.briansnelson.com.pem
# reqadd X-Forwarded-Proto:\ https
mode http
acl https ssl_fc
# Add the X-Forwarded-Proto header if we're on https
http-request add-header X-Forwarded-Proto https if https
http-request set-header Ssl-Offloaded 1 if https
http-request set-header X-Forwarded-Port %[dst_port]
default_backend https_back
backend http_back
mode http
balance roundrobin
# server web01 108.61.205.235:80 check ssl verify none
# server web02 108.61.205.235:80 check ssl verify none
backend https_back
mode http
balance leastconn
server web01 127.0.0.1:6081 check ssl verify none
server web02 108.61.205.235:443 check ssl verify none backup
