haproxy config

gistfile1.txt

global
log 127.0.0.1 local2 info
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

#debug

defaults
mode http
log global

option httplog
option dontlognull
option forwardfor
option http-server-close
option redispatch

timeout http-request 10s
timeout queue 1m
timeout connect 5s
timeout client 2m
timeout server 2m
timeout http-keep-alive 10s
timeout check 5s
retries 3

compression algo gzip
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint

errorfile 400 /var/www/html/errors/400.http
errorfile 403 /var/www/html/errors/403.http
errorfile 408 /var/www/html/errors/408.http
errorfile 500 /var/www/html/errors/500.http
errorfile 502 /var/www/html/errors/502.http
errorfile 503 /var/www/html/errors/503.http
errorfile 504 /var/www/html/errors/504.http

# Front end for http to https redirect
frontend http
bind *:80
redirect location https://envmy.company.com/share

# Main front end
frontend https 
bind *:443 ssl crt /etc/haproxy/company.com.pem

# ACL for backend mapping based on host header
acl is_my hdr_end(host) -i envmy.company.com
acl is_api hdr_end(host) -i envapi.company.com
acl is_a hdr_end(host) -i enva.company.com
acl is_webdav hdr_end(host) -i envwebdav.company.com
acl is_sp hdr_end(host) -i envsp.company.com

# ACL for backend mapping based on url paths
acl is_l7auth path_reg ^/auth/oauth/versions/2/.*
acl robots path_reg ^/robots.txt$
acl app_path path_reg ^/app/.*
acl share_path path_reg ^/share/.*/proxy/app/api/solr/.*
acl share_redirect path_reg ^$|^/$

# Changes to header responses
rspirep ^Location:\s*http://.*?\.company.com(/.*)$ Location:\ \1
rspirep ^Location:(.*\?\w+=)http(%3a%2f%2f.*?\.company.com%2f.*)$ Location:\ \1https\2
rspadd Strict-Transport-Security:\ max-age=15768000

# Blocked paths
block if app_path is_my

# Redirects
redirect location /share if share_redirect is_my

# List of backends
use_backend S3 if robots
use_backend layer7 if is_l7auth
use_backend share if is_my
use_backend api if is_api
use_backend api if is_a
use_backend webdav if is_webdav
use_backend sharepoint if is_sp

default_backend share

backend share

# Enable the cool stats page only on share backend
stats enable
stats hide-version
stats auth admin:*********
stats uri       /monitor
stats refresh   5s

option httpchk GET /share
server tomcat1 envappn1.app.pri:8080 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:8080 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:8080 cookie share3 check inter 5000
appsession JSESSIONID len 52 timeout 3h

backend api
balance source
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/publicapi/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000

backend webdav
option httpchk GET /app
reqrep ^([^\ ]*)\ /(.*) \1\ /app/webdav/\2
server tomcat1 envappn1.app.pri:8080 check inter 5000
server tomcat2 envappn2.app.pri:8080 check inter 5000
server tomcat3 envappn3.app.pri:8080 check inter 5000

backend sharepoint
server tomcat1 envappn1.app.pri:7070 cookie share1 check inter 5000
server tomcat2 envappn2.app.pri:7070 cookie share2 check inter 5000
server tomcat3 envappn3.app.pri:7070 cookie share3 check inter 5000
appsession VTISESSIONID len 52 timeout 3h

backend layer7
server qa-layer7.app.pri qa-layer7.app.pri:8443 check inter 5000 ssl

backend S3
reqirep  ^Host:   Host:\ s3.amazonaws.com
reqrep  ^([^\ ]*)\ /(.*) \1\ /app-static/\2
server CDN  s3.amazonaws.com:80 check inter 5000
reqidel ^Authorization:.*