-
-
Save AndrewEastwood/0bf5225c3286b51248c5927108a5d73f to your computer and use it in GitHub Desktop.
HAProxy configuration to deploy PSGI application
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # application entry points | |
| # https://www.example.com/ (production) | |
| # https://demo.example.com/ (demo/lite production) | |
| # https://devel.example.com/ (development) | |
| # | |
| # static content served by nginx server | |
| # http://app-be1.example.net:4xxx/ | |
| # http://app-be2.example.net:4xxx/ | |
| # | |
| # dynamic content served by PSGI server | |
| # http://app-be1.example.net:3xxx/ | |
| # http://app-be2.example.net:3xxx/ | |
| # | |
| global | |
| nbproc 1 | |
| maxconn 8192 | |
| user nobody | |
| group nobody | |
| log /var/run/log local0 | |
| daemon | |
| # enable compression (haproxy v1.5-dev13 and above required) | |
| tune.comp.maxlevel 5 | |
| spread-checks 5 | |
| defaults | |
| log global | |
| option httpclose | |
| option httplog | |
| option dontlognull | |
| option forwardfor | |
| option abortonclose | |
| option redispatch | |
| mode http | |
| balance roundrobin | |
| retries 3 | |
| timeout connect 5s | |
| timeout server 30s | |
| timeout client 30s | |
| timeout http-keep-alive 200m | |
| # enable compression (haproxy v1.5-dev13 and above required) | |
| compression algo gzip | |
| compression type text/html application/javascript text/css application/x-javascript text/javascript | |
| userlist dev-ops | |
| user op1 insecure-password hoochi-mama1 | |
| user op2 insecure-password hoochi-mama2 | |
| frontend app.example.com | |
| log-format %ci:%cp\ [%t]\ %ft/%b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %U/%B\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r | |
| # enable https (haproxy v1.5-dev required) | |
| # highly recommended to use *.example.com certificate to avoid browser warnings on illegal hostnames | |
| bind :443 ssl crt /path/to/bundle/star.example.com.pem ciphers RC4:HIGH:!aNULL:!MD5 | |
| # modify request headers | |
| reqadd X-Forwarded-Proto:\ https | |
| reqadd X-Forwarded-Port:\ 443 | |
| # modify response headers | |
| rspdel ^Server:.* | |
| rspdel ^X-Powered-By:.* | |
| rspadd Server:\ Dethklok\ (Unix/0.2.3) | |
| rate-limit sessions 1024 | |
| # haproxy health status | |
| monitor-uri /my-health | |
| monitor-net 10.27.5.64/26 | |
| # guess environment | |
| acl host-demo hdr_beg(host) -i demo. | |
| acl host-devel hdr_beg(host) -i devel. | |
| acl host-live hdr_beg(host) -i www. | |
| acl is-static-file path_beg -i /css /js /img /fonts /assets | |
| acl is-static-file path_end -i .jpg .png .gif .jpeg .js .css .html .ico .woff .eot .ttf .svg | |
| acl is-haproxy-stats path_beg /stats | |
| use_backend haproxy if is-haproxy-stats | |
| use_backend static-demo if host-demo is-static-file | |
| use_backend dynamic-demo if host-demo !is-static-file | |
| use_backend static-devel if host-devel is-static-file | |
| use_backend dynamic-devel if host-devel !is-static-file | |
| use_backend static-live if host-live is-static-file | |
| default_backend dynamic-live | |
| # | |
| # HAProxy statistics | |
| # | |
| backend haproxy | |
| acl is-authnd http_auth(dev-ops) | |
| stats uri /stats | |
| stats refresh 180s | |
| stats http-request auth realm app.example.com\ haproxy\ statistics unless is-authnd | |
| stats hide-version | |
| stats show-legends | |
| # | |
| # backends for demo.example.com (demo/lite production environment) | |
| # | |
| backend static-demo | |
| option httpchk HEAD /favicon.ico HTTP/1.1\r\nHost:\ demo.example.com | |
| server ngx1 app-be1.example.net:4040 check inter 30s fall 2 rise 3 | |
| server ngx2 app-be2.example.net:4040 check inter 30s fall 2 rise 3 | |
| backend dynamic-demo | |
| option httpchk HEAD / HTTP/1.1\r\nHost:\ demo.example.com | |
| server sta1 app-be1.example.net:3040 check inter 30s fall 2 rise 3 | |
| server sta2 app-be2.example.net:3040 check inter 30s fall 2 rise 3 | |
| # | |
| # backends for devel.example.com (development environment) | |
| # | |
| backend static-devel | |
| option httpchk HEAD /favicon.ico HTTP/1.1\r\nHost:\ devel.example.com | |
| server ngx1 app-be1.example.net:4020 check inter 30s fall 2 rise 3 | |
| server ngx2 app-be2.example.net:4020 check inter 30s fall 2 rise 3 | |
| backend dynamic-devel | |
| option httpchk HEAD / HTTP/1.1\r\nHost:\ devel.example.com | |
| server sta1 app-be1.example.net:3020 check inter 30s fall 2 rise 3 | |
| server sta2 app-be2.example.net:3020 check inter 30s fall 2 rise 3 | |
| # | |
| # backends for www.example.com (production environment) | |
| # | |
| backend static-live | |
| option httpchk HEAD /favicon.ico HTTP/1.1\r\nHost:\ www.example.com | |
| server ngx1 app-be1.example.net:4000 check inter 30s fall 2 rise 3 | |
| server ngx2 app-be2.example.net:4000 check inter 30s fall 2 rise 3 | |
| backend dynamic-live | |
| option httpchk HEAD / HTTP/1.1\r\nHost:\ www.example.com | |
| server sta1 app-be1.example.net:3000 check inter 30s fall 2 rise 3 | |
| server sta2 app-be2.example.net:3000 check inter 30s fall 2 rise 3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment