Created
November 26, 2012 00:08
-
-
Save christiannelson/4145957 to your computer and use it in GitHub Desktop.
Using HAProxy with Node.js, Socket.io and SSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| nbproc 1 | |
| maxconn 65536 | |
| defaults | |
| timeout connect 5s | |
| timeout queue 5s | |
| timeout server 30s | |
| timeout tunnel 1h | |
| # A non-https front-end for the sole purpose of redirecting to https. | |
| # Incoming uri and params are retained (e.g http://example.com/a&b=5 | |
| # becomes https://example.com/a&b=5). | |
| frontend www | |
| bind 0.0.0.0:80 | |
| mode http | |
| timeout client 5s | |
| redirect prefix https://example.com | |
| # Secure front-end into which all http, websockets, and flash socket | |
| # traffic enters. | |
| frontend wwws | |
| # Enable SSL support. Be sure your pem includes the crt, key | |
| # (passphrase removed), and parent crts in the chain. | |
| bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem | |
| timeout client 1h | |
| default_backend www_backend | |
| # Websocket? Let's check the http header. | |
| acl is_websocket hdr(Upgrade) -i WebSocket | |
| use_backend websocket_backend if is_websocket | |
| # Flash sockets? Let's inspect the data, if it's not http then | |
| # it's flash. | |
| tcp-request inspect-delay 500ms | |
| tcp-request content accept if HTTP | |
| use_backend flashsocket_backend if !HTTP | |
| # Flash clients fetch the flash policy from the standard flash port | |
| # 843 (note that socket.io defaults to 10843). | |
| frontend flash_policy | |
| bind 0.0.0.0:843 | |
| timeout client 5s | |
| default_backend nodejs_flashpolicy | |
| # All non-socket traffic. | |
| backend www_backend | |
| mode http | |
| # Make haproxy available at https://example.com/haproxy | |
| stats enable | |
| stats uri /haproxy | |
| option forwardfor | |
| # Web frameworks (express, rails, sinatra, etc) will use this | |
| # when absolute urls are generated. | |
| reqadd x-forwarded-proto:\ https | |
| server server1 backend:3000 weight 1 maxconn 8192 check | |
| # All websockets traffic. | |
| backend websocket_backend | |
| mode http | |
| option forwardfor | |
| option http-server-close | |
| option forceclose | |
| no option httpclose | |
| server server1 backend:3000 weight 1 maxconn 8192 check | |
| # All flashsockets traffic. | |
| backend flashsocket_backend | |
| server server1 backend:3000 weight 1 maxconn 8192 check | |
| # All flash policy traffic. | |
| backend nodejs_flashpolicy | |
| server server1 backend:10843 maxconn 8192 check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment