Created
March 26, 2024 17:19
-
-
Save gridhead/b992b6abc02b7f4694a4a95d1936b145 to your computer and use it in GitHub Desktop.
Haproxy Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--------------------------------------------------------------------- | |
| # Example configuration for a possible web application. See the | |
| # full configuration options online. | |
| # | |
| # https://www.haproxy.org/download/1.8/doc/configuration.txt | |
| # | |
| #--------------------------------------------------------------------- | |
| #--------------------------------------------------------------------- | |
| # Global settings | |
| #--------------------------------------------------------------------- | |
| global | |
| # to have these messages end up in /var/log/haproxy.log you will | |
| # need to: | |
| # | |
| # 1) configure syslog to accept network log events. This is done | |
| # by adding the '-r' option to the SYSLOGD_OPTIONS in | |
| # /etc/sysconfig/syslog | |
| # | |
| # 2) configure local2 events to go to the /var/log/haproxy.log | |
| # file. A line like the following can be added to | |
| # /etc/sysconfig/syslog | |
| # | |
| # local2.* /var/log/haproxy.log | |
| # | |
| log 127.0.0.1 local2 | |
| chroot /var/lib/haproxy | |
| pidfile /var/run/haproxy.pid | |
| maxconn 2048 | |
| user haproxy | |
| group haproxy | |
| daemon | |
| # configure the maximum size of temporary DHE keys that are generated | |
| tune.ssl.default-dh-param 2048 | |
| # turn on stats unix socket | |
| stats socket /var/lib/haproxy/stats | |
| # utilize system-wide crypto-policies | |
| ssl-default-bind-ciphers PROFILE=SYSTEM | |
| ssl-default-server-ciphers PROFILE=SYSTEM | |
| #--------------------------------------------------------------------- | |
| # common defaults that all the 'listen' and 'backend' sections will | |
| # use if not designated in their block | |
| #--------------------------------------------------------------------- | |
| defaults | |
| mode http | |
| log global | |
| option httplog | |
| option dontlognull | |
| option http-server-close | |
| option forwardfor except 127.0.0.0/8 | |
| option redispatch | |
| retries 3 | |
| timeout http-request 10s | |
| timeout queue 1m | |
| timeout connect 10s | |
| timeout client 1m | |
| timeout server 1m | |
| timeout http-keep-alive 10s | |
| timeout check 10s | |
| maxconn 2048 | |
| frontend apexaltruism | |
| bind *:80 | |
| bind *:443 ssl crt /etc/haproxy/cert/apexaltruism.net.pem | |
| # READ https://serversforhackers.com/c/letsencrypt-with-haproxy | |
| # READ https://www.digitalocean.com/community/tutorials/how-to-secure-haproxy-with-let-s-encrypt-on-ubuntu-14-04 | |
| # READ WILDCARD https://serverfault.com/a/812038 | |
| # UNEXPLAINED 503 https://serverfault.com/a/1016614 | |
| # LOAD BALANCING MULTIPLE DOMAINS https://medium.com/trabe/multiple-ssl-configurations-in-the-same-ip-port-with-haproxy-349c7dc9a170 | |
| http-request set-header X-Forwarded-Proto https | |
| redirect scheme https code 301 if !{ ssl_fc } | |
| # [PATH] CHAT | |
| # use_backend back_chat if { path /chat } || { path_beg /chat/ } | |
| # [PATH] JUMP | |
| # use_backend back_jump if { path /jump } || { path_beg /jump/ } | |
| # [PATH] DASH | |
| # use_backend back_dash if { path /dash } || { path_beg /dash/ } | |
| # [PATH] DOWNLOAD | |
| # use_backend back_download if { path /download } || { path_beg /download/ } | |
| # [PATH] EXPLORER | |
| # use_backend back_explorer if { path /explorer } || { path_beg /explorer/ } | |
| # [FRNT] ROOT | |
| acl sbdm_root hdr(host) -i apexaltruism.net | |
| use_backend back_root if sbdm_root | |
| # [FRNT] CHAT | |
| acl sbdm_chat hdr(host) -i chat.apexaltruism.net | |
| use_backend back_chat if sbdm_chat | |
| # [FRNT] DASH | |
| acl sbdm_dash hdr(host) -i dash.apexaltruism.net | |
| use_backend back_dash if sbdm_dash | |
| # [FRNT] DOWNLOAD | |
| acl sbdm_download hdr(host) -i download.apexaltruism.net | |
| use_backend back_download if sbdm_download | |
| # [FRNT] EXPLORER | |
| acl sbdm_explorer hdr(host) -i explorer.apexaltruism.net | |
| use_backend back_explorer if sbdm_explorer | |
| # [FRNT] JUMP | |
| acl sbdm_jump hdr(host) -i jump.apexaltruism.net | |
| use_backend back_jump if sbdm_jump | |
| # [FRNT] PLAY | |
| # acl sbdm_play hdr(host) -i play.apexaltruism.net | |
| # use_backend back_play if sbdm_play | |
| # [FRNT] STREAM | |
| acl sbdm_stream hdr(host) -i stream.apexaltruism.net | |
| use_backend back_stream if sbdm_stream | |
| # [FRNT] STREAM-BACK | |
| acl sbdm_stream_back hdr(host) -i stream-back.apexaltruism.net | |
| use_backend back_stream_back if sbdm_stream_back | |
| # [FRNT] STREAM-PASS | |
| acl sbdm_stream_pass hdr(host) -i stream-pass.apexaltruism.net | |
| use_backend back_stream_pass if sbdm_stream_pass | |
| # [FRNT] COCKPIT | |
| acl sbdm_cockpit hdr(host) -i cockpit-gridhead-main.apexaltruism.net | |
| use_backend back_cockpit if sbdm_cockpit | |
| # [BACK] CHAT | |
| backend back_chat | |
| # http-request replace-path /chat(/)?(.*) /\2 | |
| server back_chat 127.0.0.1:9898 | |
| backend back_cockpit | |
| server back_cockpit 129.154.253.197:9090 | |
| # [BACK] DASH | |
| backend back_dash | |
| # http-request replace-path /dash(/)?(.*) /\2 | |
| server back_dash 127.0.0.1:9000 | |
| # [BACK] DOWNLOAD | |
| backend back_download | |
| # http-request replace-path /download(/)?(.*) /\2 | |
| server back_download 127.0.0.1:8112 | |
| # [BACK] EXPLORER | |
| backend back_explorer | |
| # http-request replace-path /explorer(/)?(.*) /\2 | |
| server back_download 192.168.192.111:3000 | |
| # [BACK] JUMP | |
| backend back_jump | |
| # http-request replace-path /jump(/)?(.*) /\2 | |
| server back_jump 192.168.192.111:5005 | |
| # [BACK] PLAY | |
| # backend back_play | |
| # server back_play 192.168.192.111:32400 | |
| # [BACK] STREAM | |
| backend back_stream | |
| server back_stream 192.168.192.111:6969 | |
| # [BACK] STREAM BACK | |
| backend back_stream_back | |
| server back_stream_back 192.168.192.111:4200 | |
| # [BACK] STREAM BACK | |
| backend back_stream_pass | |
| server back_stream_pass 192.168.192.111:4000 | |
| # [BACK] ROOT | |
| backend back_root | |
| server back_root 127.0.0.1:2368 | |
| # [FULL] BADGESDB-MAIN | |
| frontend frnt_badgesdb_main | |
| mode tcp | |
| bind *:5432 transparent crt /etc/haproxy/cert/apexaltruism.net.pem | |
| acl sbdm_badgesdb_main req.ssl_sni -i badgesdb-main.apexaltruism.net | |
| use_backend back_badgesdb_main if sbdm_badgesdb_main | |
| default_backend back_badgesdb_main | |
| backend back_badgesdb_main | |
| mode tcp | |
| server back_badgesdb_main 192.168.192.112:5432 | |
| # [FULL] DISK | |
| frontend frnt_disk | |
| mode tcp | |
| bind *:445 transparent crt /etc/haproxy/cert/apexaltruism.net.pem | |
| # Check outgoing port support by running `curl portquiz.net:445 --connect-timeout 60` | |
| # Added support for PORT 4450 as PORT 445 is blocked on Jio Fiber and Jio Mobile Carrier | |
| bind *:4450 transparent crt /etc/haproxy/cert/apexaltruism.net.pem | |
| acl sbdm_disk req.ssl_sni -i disk.apexaltruism.net | |
| use_backend back_disk if sbdm_disk | |
| default_backend back_disk | |
| backend back_disk | |
| mode tcp | |
| server back_disk 192.168.192.112:445 | |
| # [FULL] DOWNLOAD_SEED | |
| # frontend frnt_download_seed | |
| # mode tcp | |
| # bind *:6881 transparent crt /etc/haproxy/cert/apexaltruism.net.pem | |
| # acl sbdm_download_seed req.ssl_sni -i download.apexaltruism.net | |
| # use_backend back_download_seed if sbdm_download_seed | |
| # default_backend back_download_seed | |
| # | |
| # backend back_download_seed | |
| # mode tcp | |
| # server back_disk 192.168.192.111:6881 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment