Last active
August 3, 2023 17:56
-
-
Save haproxytechblog/506671f44a15f65f02fecb7a817f3944 to your computer and use it in GitHub Desktop.
The Four Essential Sections of an HAProxy Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| haproxy -c -f /etc/hapee-1.8/hapee-lb.cfg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| # global settings here | |
| defaults | |
| # defaults here | |
| frontend | |
| # a frontend that accepts requests from clients | |
| backend | |
| # servers that fulfill the requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| maxconn 50000 | |
| log /dev/log local0 | |
| user haproxy | |
| group haproxy | |
| stats socket /run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin | |
| ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 | |
| ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| defaults | |
| timeout connect 10s | |
| timeout client 30s | |
| timeout server 30s | |
| log global | |
| mode http | |
| option httplog | |
| maxconn 3000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| frontend www.mysite.com | |
| bind 10.0.0.3:80 | |
| bind 10.0.0.3:443 ssl crt /etc/ssl/certs/mysite.pem | |
| http-request redirect scheme https unless { ssl_fc } | |
| use_backend api_servers if { path_beg /api/ } | |
| default_backend web_servers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| backend web_servers | |
| balance roundrobin | |
| cookie SERVERUSED insert indirect nocache | |
| option httpchk HEAD / | |
| default-server check maxconn 20 | |
| server server1 10.0.1.3:80 cookie server1 | |
| server server2 10.0.1.4:80 cookie server2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| listen stats | |
| bind *:8404 | |
| stats enable | |
| stats uri /monitor | |
| stats refresh 5s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment