-
-
Save sanfx/bf4f77a602f53e9eaf50d004689e7f14 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global | |
log /dev/log local0 | |
log /dev/log local1 notice | |
chroot /var/lib/haproxy | |
stats socket /run/haproxy/admin.sock mode 660 level admin | |
stats timeout 30s | |
user haproxy | |
group haproxy | |
daemon | |
# Default SSL material locations | |
ca-base /etc/ssl/certs | |
crt-base /etc/ssl/private | |
# Default ciphers to use on SSL-enabled listening sockets. | |
# For more information, see ciphers(1SSL). This list is from: | |
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS | |
ssl-default-bind-options no-sslv3 | |
#defaults | |
# log global | |
# mode http | |
# option httplog | |
# option dontlognull | |
# timeout connect 5000 | |
# timeout client 50000 | |
# timeout server 50000 | |
# errorfile 400 /etc/haproxy/errors/400.http | |
# errorfile 403 /etc/haproxy/errors/403.http | |
# errorfile 408 /etc/haproxy/errors/408.http | |
# errorfile 500 /etc/haproxy/errors/500.http | |
# errorfile 502 /etc/haproxy/errors/502.http | |
# errorfile 503 /etc/haproxy/errors/503.http | |
# errorfile 504 /etc/haproxy/errors/504.http | |
defaults REDIS | |
mode tcp | |
timeout connect 4s | |
timeout server 15s | |
timeout client 15s | |
# timeout tunnel 365d | |
frontend ft_redis_master | |
bind *:5000 name redis | |
default_backend bk_redis_master | |
backend bk_redis_master | |
option tcp-check | |
#tcp-check send AUTH\ mypassword\r\n | |
#tcp-check expect string +OK | |
tcp-check send PING\r\n | |
tcp-check expect string +PONG | |
tcp-check send info\ replication\r\n | |
tcp-check expect string role:master | |
tcp-check send QUIT\r\n | |
tcp-check expect string +OK | |
server R1 174.0.0.1:6379 check inter 1s | |
server R2 174.0.0.2:6379 check inter 1s | |
server R3 174.0.0.3:6379 check inter 1s | |
server R4 174.0.0.4:6379 check inter 1s | |
listen stats 0.0.0.0:80 #Listen on all IP's on port 9000 | |
mode http | |
balance | |
timeout client 5000 | |
timeout connect 4000 | |
timeout server 30000 | |
#This is the virtual URL to access the stats page | |
stats uri /haproxy_stats | |
#Authentication realm. This can be set to anything. Escape space characters with a backslash. | |
stats realm HAProxy\ Statistics | |
#The user/pass you want to use. Change this password! | |
stats auth und3r:password | |
#This allows you to take down and bring up back end servers. | |
#This will produce an error on older versions of HAProxy. | |
stats admin if TRUE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment