Created
April 7, 2019 15:35
Haproxy config with routing
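# Process-wide settings: logging, chroot and privilege drop, runtime socket, TLS defaults.
global
    # Log to the local syslog socket: everything on facility local0, and
    # notice-and-more-severe messages again on local1.
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # Runtime API socket. "level admin" permits every runtime command, so the
    # only access control is the socket's file mode (660: owner and group).
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    # Run as an unprivileged account, detached from the terminal.
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations (used only for relative ca-file/crt paths)
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    # NOTE(review): this list still admits RSA key exchange (no forward secrecy)
    # and CBC-mode AES suites. It governs TLS 1.2 and earlier only; TLS 1.3
    # suites are set separately with ssl-default-bind-ciphersuites.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 on every TLS bind line. ssl-min-ver
    # needs HAProxy 1.8+, the same release that introduced the
    # "expose-fd listeners" option already used on the stats socket above.
    ssl-default-bind-options ssl-min-ver TLSv1.2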
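# Settings inherited by every frontend and backend below unless overridden.
defaults
    log global
    mode http
    option httplog
    # Connections that close without sending any data are not logged. This keeps
    # health-check noise out of the logs, but port scans and bare TCP probes
    # will not appear there either.
    option dontlognull
    # Timeouts without a unit are in milliseconds: 5 s to connect to a server,
    # 50 s of client or server inactivity.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Bound the time a client may take to send its complete request headers, so
    # a slowly trickled request cannot hold a connection slot for the full
    # client timeout. 10s is a starting value; tune it to the slowest
    # legitimate clients.
    timeout http-request 10s
    # Static response files returned for errors generated by HAProxy itself.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http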
# Plain-HTTP entry point: passes ACME challenge requests to the local responder
# and redirects everything else to HTTPS.
frontend fe_http_in
    bind *:80
    mode http
    # Requests under the ACME challenge path are exempted from the redirect
    # below and handed to backend_letsencrypt_http instead.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend backend_letsencrypt_http if letsencrypt-acl
    # ssl_fc is never true on this non-TLS bind, so every request outside the
    # ACME path receives the 301 to https.
    redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
    # NOTE(review): given the redirect above, this default looks unreachable
    # for requests arriving on this frontend -- confirm before relying on it.
    default_backend backend_http_in
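# TLS-terminating entry point: decrypts on :443 and routes by Host header.
frontend fe_https_in
    # The path is absolute, so crt-base from the global section is not applied.
    # HAProxy reads the certificate chain and the private key from this one PEM
    # file; keep it readable by root only.
    bind *:443 ssl crt /etc/ssl/seoforge.xyz/seoforge.xyz.pem
    # Appends the connecting client's address as X-Forwarded-For. Any
    # X-Forwarded-For value the client sent is kept as well, so backends should
    # trust only the value added by this proxy, not the first one they see.
    option forwardfor
    # TLS ends here and every backend is reached over plain HTTP, so tell the
    # application the original scheme. set-header replaces any client-supplied
    # value, which prevents a client from spoofing it.
    http-request set-header X-Forwarded-Proto https

    # Lets Encrypt endpoint (don't change this)
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend backend_letsencrypt_https if letsencrypt-acl

    # Routing to different domains and sub domains.
    # hdr(host) is a case-insensitive exact match on the whole header value: a
    # Host that carries a port ("server-b.com:443") or any unlisted name does
    # not match and falls through to default_backend.
    acl host_server_a hdr(host) -i sub-domain.server-a.com
    use_backend backend_server_a if host_server_a

    # Routing to different domains and sub domains
    acl host_server_b hdr(host) -i server-b.com
    use_backend backend_server_b if host_server_b

    # Every request with an unrecognised Host header lands here, whatever name
    # the client used.
    default_backend backend_https_in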
# Target for ACME challenge requests arriving on port 80.
backend backend_letsencrypt_http
    # Loopback only; presumably the ACME client's HTTP-01 responder listens
    # here during issuance and renewal -- confirm against the client's settings.
    server letsencrypt 127.0.0.1:8080
# Target for ACME challenge requests arriving on port 443.
backend backend_letsencrypt_https
    # There is no "ssl" keyword on the server line, so the already-decrypted
    # request is forwarded as plain HTTP over loopback.
    # NOTE(review): verify that whatever listens on 8443 expects plain HTTP.
    server letsencrypt 127.0.0.1:8443
# Default backend of fe_http_in; forwards to the main web server over plain HTTP.
backend backend_http_in
    mode http
    # Adds the client's address as X-Forwarded-For; a value already supplied by
    # the client is not removed.
    option forwardfor
    # Overwrites X-Forwarded-Port with the port the client connected to.
    http-request set-header X-Forwarded-Port %[dst_port]
    server main_web_server main_web_server:80
# Default backend of fe_https_in: receives every request whose Host header
# matched none of the routing ACLs.
backend backend_https_in
    mode http
    # Adds the client's address as X-Forwarded-For; a value already supplied by
    # the client is not removed.
    option forwardfor
    # Overwrites X-Forwarded-Port with the port the client connected to.
    http-request set-header X-Forwarded-Port %[dst_port]
    # TLS was terminated in the frontend, so this hop is unencrypted HTTP; it
    # should stay on a network segment that is trusted end to end.
    server main_web_server main_web_server:80
# Serves requests whose Host header is sub-domain.server-a.com.
backend backend_server_a
    mode http
    # Adds the client's address as X-Forwarded-For; a value already supplied by
    # the client is not removed.
    option forwardfor
    # Overwrites X-Forwarded-Port with the port the client connected to.
    http-request set-header X-Forwarded-Port %[dst_port]
    # Unencrypted HTTP hop to the application host.
    server server_a server_a:80
# Serves requests whose Host header is server-b.com.
backend backend_server_b
    mode http
    # Adds the client's address as X-Forwarded-For; a value already supplied by
    # the client is not removed.
    option forwardfor
    # Overwrites X-Forwarded-Port with the port the client connected to.
    http-request set-header X-Forwarded-Port %[dst_port]
    # Unencrypted HTTP hop to the application host.
    server server_b server_b:80