
@dav1x
Created March 20, 2020 14:33
# Process-wide settings: log target, privilege drop, runtime socket and TLS cipher defaults.
global
# Send logs to the syslog listener on 127.0.0.1 using facility local0.
log 127.0.0.1 local0
# Confine the process to /var/lib/haproxy and run it as the haproxy user and group.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
# Process-wide connection ceiling.
maxconn 4000
user haproxy
group haproxy
daemon
# UNIX socket for the runtime/stats API. No mode, user or level option is given, so
# HAProxy's defaults apply. NOTE(review): confirm the socket's file permissions and
# access level are as restrictive as intended.
stats socket /var/lib/haproxy/stats
# Cipher selection is delegated to PROFILE=SYSTEM (presumably the distribution's
# system-wide crypto policy). No bind or server line shown in this file uses "ssl",
# so these defaults only matter if TLS termination is added later.
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
# Settings inherited by the frontends and backends that follow unless a section overrides them.
defaults
log global
# HTTP-format logging; connections that exchange no data are not logged, which also
# keeps bare connect probes out of the logs.
option httplog
option dontlognull
option http-server-close
# Add the client address as X-Forwarded-For, except for requests from loopback.
# NOTE(review): nothing here removes an X-Forwarded-For header sent by the client,
# so backends should trust only the value this proxy adds.
option forwardfor except 127.0.0.0/8
# Retry failed connections up to 3 times and allow redispatch to another server.
option redispatch
retries 3
# The 10s http-request timeout bounds how long a client may take to deliver a
# complete request in HTTP mode, which limits slow-request resource exhaustion.
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
# Default per-proxy connection limit (the global section sets 4000 for the process).
maxconn 3000
# Built-in statistics page, served over plain HTTP on port 9000 at /stats.
frontend stats
# NOTE(review): listens on every interface and without TLS. Consider binding to a
# management address or limiting the source networks allowed to reach this port.
bind *:9000
stats enable
stats uri /stats
# NOTE(review): HTTP Basic credentials are stored in clear text and the password
# shown is trivially guessable. Replace it with a strong secret that is not kept in
# any shared copy of this file; over plain HTTP it is also sent unencrypted.
# No "stats admin" directive is present, so the page is view-only, but it still
# discloses backend server names, addresses and health state.
stats auth admin:password
stats refresh 10s
mode http
#Favor UPI but let mcm-cluster2 serve as a backup
# NOTE(review): the comment above names "UPI" and "mcm-cluster2", neither of which
# appears in the rules below; it looks stale and should be confirmed or removed.
# Plain-HTTP entry point on port 80: routes by the Host header to the hub or spoke1 cluster.
frontend main80
bind *:80
mode http
# hdr_dom matches the domain as a delimited portion of the Host header, case-insensitively.
# The Host header is client-controlled, so these ACLs choose a route; they do not
# authenticate anything.
acl is_mgmt hdr_dom(host) -i mgmt-hub.e2e.bos.redhat.com
acl is_spoke1 hdr_dom(host) -i mgmt-spoke1.e2e.bos.redhat.com
use_backend mgmt-clus-80 if is_mgmt
use_backend spoke1-clus-80 if is_spoke1
# Keep up to 100 bytes of the Host header as a request capture.
http-request capture hdr(Host) len 100
# NOTE(review): requests whose Host matches neither ACL (or that send none) are
# forwarded to the hub cluster. Confirm that is intended rather than rejecting them.
default_backend mgmt-clus-80
# TLS pass-through entry point on port 443: TCP mode, routed by the SNI in the
# ClientHello. No certificate is configured here, so TLS is not terminated by this proxy.
frontend main443
bind *:443
mode tcp
# Wait up to 3s for enough client data to inspect.
tcp-request inspect-delay 3s
# The rule that accepts once a TLS ClientHello has been seen is commented out.
# NOTE(review): without it, whether the SNI is available when the use_backend rules
# run may depend on the HAProxy version. Verify that SNI routing works and does not
# silently fall through to default_backend.
#tcp-request content accept if { req_ssl_hello_type 1 }
# Store up to 100 bytes of the requested SNI in a capture slot.
tcp-request content capture req.ssl_sni len 100
# The log line consists only of capture slot 0 (presumably the SNI captured above).
# NOTE(review): client address and selected backend are not logged; adding fields
# such as %ci, %cp and %b would make these logs usable for investigation.
log-format "capture0: %[capture.req.hdr(0)]"
# NOTE(review): "-m reg" is an unanchored regex and the dots are unescaped, so any
# SNI that merely contains a string of this shape matches, including names under
# another domain. Escape the dots and anchor the pattern, or use suffix matching
# ("-m end"), if only this domain and its subdomains should match.
acl is_mgmt req.ssl_sni -m reg mgmt-hub.e2e.bos.redhat.com
acl is_spoke1 req.ssl_sni -m reg mgmt-spoke1.e2e.bos.redhat.com
use_backend mgmt-clus-443 if is_mgmt
use_backend spoke1-clus-443 if is_spoke1
# Connections with no SNI or an unmatched SNI go to the hub cluster.
default_backend mgmt-clus-443
# TLS pass-through entry point on port 6443: TCP mode, routed by the SNI in the
# ClientHello. No certificate is configured here, so TLS is not terminated by this proxy.
frontend main6443
bind *:6443
mode tcp
# Wait up to 3s for enough client data to inspect.
tcp-request inspect-delay 3s
# The rule that accepts once a TLS ClientHello has been seen is commented out.
# NOTE(review): without it, whether the SNI is available when the use_backend rules
# run may depend on the HAProxy version. Verify that SNI routing works and does not
# silently fall through to default_backend.
#tcp-request content accept if { req_ssl_hello_type 1 }
# Store up to 100 bytes of the requested SNI in a capture slot.
tcp-request content capture req.ssl_sni len 100
# The log line consists only of capture slot 0 (presumably the SNI captured above).
# NOTE(review): client address and selected backend are not logged; adding fields
# such as %ci, %cp and %b would make access to this port auditable.
log-format "capture0: %[capture.req.hdr(0)]"
# NOTE(review): "-m reg" is an unanchored regex and the dots are unescaped, so any
# SNI that merely contains a string of this shape matches, including names under
# another domain. Escape the dots and anchor the pattern, or use suffix matching
# ("-m end"), if only this domain and its subdomains should match.
acl is_mgmt req.ssl_sni -m reg mgmt-hub.e2e.bos.redhat.com
acl is_spoke1 req.ssl_sni -m reg mgmt-spoke1.e2e.bos.redhat.com
use_backend mgmt-clus-6443 if is_mgmt
use_backend spoke1-clus-6443 if is_spoke1
# Connections with no SNI or an unmatched SNI go to the hub cluster.
default_backend mgmt-clus-6443
# Hub-cluster servers for traffic accepted on the 6443 frontend (TCP pass-through).
backend mgmt-clus-6443
# Pick the server from a hash of the client source address.
balance source
mode tcp
# NOTE(review): these servers use port 443, the same addresses and port as backend
# mgmt-clus-443, although the backend and server names suggest the API on 6443.
# Confirm the port is intended.
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity.
# NOTE(review): "sni" sets the SNI for TLS connections HAProxy itself opens to a
# server; no "ssl" keyword is present, so it presumably has no effect here, and
# "check" is then a plain TCP connect check rather than a TLS or API health check.
server mgmt-master0-api 2620:52:0:1302::5:443 check sni req.ssl_sni
server mgmt-master1-api 2620:52:0:1302::6:443 check sni req.ssl_sni
server mgmt-master2-api 2620:52:0:1302::7:443 check sni req.ssl_sni
# Spoke1-cluster servers for traffic accepted on the 6443 frontend (TCP pass-through).
backend spoke1-clus-6443
# Pick the server from a hash of the client source address.
balance source
mode tcp
# NOTE(review): these servers use port 443, the same addresses and port as backend
# spoke1-clus-443, although the backend and server names suggest the API on 6443.
# Confirm the port is intended.
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity.
# NOTE(review): "sni" sets the SNI for TLS connections HAProxy itself opens to a
# server; no "ssl" keyword is present, so it presumably has no effect here, and
# "check" is then a plain TCP connect check rather than a TLS or API health check.
server spoke1-master0-api 2620:52:0:1303::5:443 check sni req.ssl_sni
server spoke1-master1-api 2620:52:0:1303::6:443 check sni req.ssl_sni
server spoke1-master2-api 2620:52:0:1303::7:443 check sni req.ssl_sni
# Hub-cluster servers for TLS traffic accepted on the 443 frontend (TCP pass-through).
backend mgmt-clus-443
# Pick the server from a hash of the client source address.
balance source
mode tcp
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity.
# NOTE(review): "sni" sets the SNI for TLS connections HAProxy itself opens to a
# server; no "ssl" keyword is present, so it presumably has no effect here, and
# "check" is then a plain TCP connect check that does not validate the TLS service.
server mgmt-master0 2620:52:0:1302::5:443 check sni req.ssl_sni
server mgmt-master1 2620:52:0:1302::6:443 check sni req.ssl_sni
server mgmt-master2 2620:52:0:1302::7:443 check sni req.ssl_sni
# Spoke1-cluster servers for TLS traffic accepted on the 443 frontend (TCP pass-through).
backend spoke1-clus-443
# Pick the server from a hash of the client source address.
balance source
mode tcp
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity.
# NOTE(review): "sni" sets the SNI for TLS connections HAProxy itself opens to a
# server; no "ssl" keyword is present, so it presumably has no effect here, and
# "check" is then a plain TCP connect check that does not validate the TLS service.
server spoke1-master0 2620:52:0:1303::5:443 check sni req.ssl_sni
server spoke1-master1 2620:52:0:1303::6:443 check sni req.ssl_sni
server spoke1-master2 2620:52:0:1303::7:443 check sni req.ssl_sni
# Hub-cluster servers for plain-HTTP traffic from the port 80 frontend.
backend mgmt-clus-80
# Rewrite the Host header when it matches (.+apps): the captured text is kept and
# the hub cluster domain is appended.
# NOTE(review): the pattern is unanchored, so any Host value containing "apps" is
# rewritten to a hub-cluster name. This backend is also the port 80 default_backend,
# so that includes Hosts that matched no routing ACL. Confirm this is intended.
http-request replace-header Host (.+apps) \1.mgmt-hub.e2e.bos.redhat.com
# Pick the server from a hash of the client source address.
balance source
mode http
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity. "check" enables health checks on each server.
server mgmt-master0-compute 2620:52:0:1302::5:80 check
server mgmt-master1-compute 2620:52:0:1302::6:80 check
server mgmt-master2-compute 2620:52:0:1302::7:80 check
# Spoke1-cluster servers for plain-HTTP traffic from the port 80 frontend.
backend spoke1-clus-80
# Rewrite the Host header when it matches (.+apps): the captured text is kept and
# the spoke1 cluster domain is appended.
# NOTE(review): the pattern is unanchored, so any Host value containing "apps" that
# reaches this backend is rewritten to a spoke1-cluster name. Confirm this is intended.
http-request replace-header Host (.+apps) \1.mgmt-spoke1.e2e.bos.redhat.com
# Pick the server from a hash of the client source address.
balance source
mode http
# The unbracketed IPv6 form relies on the last colon separating the port; writing
# [address]:port removes the ambiguity. "check" enables health checks on each server.
server spoke1-master0-compute 2620:52:0:1303::5:80 check
server spoke1-master1-compute 2620:52:0:1303::6:80 check
server spoke1-master2-compute 2620:52:0:1303::7:80 check