Created
November 27, 2015 14:53
-
-
Save Doooooo0o/67c7dc1d787d1ee5588e to your computer and use it in GitHub Desktop.
haproxy config for docker registry v2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| log /dev/log local0 | |
| log /dev/log local1 notice | |
| chroot /var/lib/haproxy | |
| stats socket /run/haproxy/admin.sock mode 660 level admin | |
| stats timeout 30s | |
| user haproxy | |
| group haproxy | |
| daemon | |
| ssl-server-verify none | |
| # Default SSL material locations | |
| ca-base /etc/ssl/certs | |
| crt-base /etc/ssl/private | |
| # Default ciphers to use on SSL-enabled listening sockets. | |
| # For more information, see ciphers(1SSL). This list is from: | |
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | |
| ssl-default-bind-options no-sslv3 | |
| defaults | |
| log global | |
| mode http | |
| option httplog | |
| option dontlognull | |
| timeout connect 5000 | |
| timeout client 50000 | |
| timeout server 50000 | |
| errorfile 400 /etc/haproxy/errors/400.http | |
| errorfile 403 /etc/haproxy/errors/403.http | |
| errorfile 408 /etc/haproxy/errors/408.http | |
| errorfile 500 /etc/haproxy/errors/500.http | |
| errorfile 502 /etc/haproxy/errors/502.http | |
| errorfile 503 /etc/haproxy/errors/503.http | |
| errorfile 504 /etc/haproxy/errors/504.http | |
| listen stats | |
| bind 127.0.0.1:8088 | |
| mode http | |
| stats enable | |
| stats hide-version | |
| stats refresh 30s | |
| stats uri /haproxy | |
| frontend registry | |
| mode tcp | |
| bind :443 ssl crt /etc/haproxy/CHANGEME.pem no-sslv3 ciphers TLSv1.2 | |
| acl Auth http_auth(users) | |
| http-request auth realm auth if !Auth | |
| http-request set-header X-Forwarded-Proto https if { ssl_fc } | |
| option httpclose | |
| option forwardfor | |
| log global | |
| default_backend registryback | |
| userlist users | |
| user docker insecure-password CHANGEME # You could use another password scheme | |
| backend registryback | |
| #mode tcp | |
| mode http | |
| server registryback CHANGEME:5000 ssl check fastinter 1000 | |
| rspidel ^server | |
| option forwardfor | |
| option http-server-close | |
| cookie SERVERID insert indirect nocache | |
| option redispatch | |
| rspadd Server:\ w00t\ (Poneycom;\ Unix4lulz/0.1.8) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment