tofarley · October 16, 2018 19:17
diff --git a/haproxy.cfg b/haproxy.cfg
 global
    ca-base /etc/ssl/certs

    log 127.0.0.1 local0
    daemon
    maxconn 256

 defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option forwardfor
    option http-server-close

 frontend packages
    bind *:80
    default_backend my-backend
    
    # /cloudpassage
    acl p_cloudpassage path_beg /cloudpassage/
    use_backend cloudpassage if p_cloudpassage

 backend cloudpassage
    server cloudpassage production.packages.cloudpassage.com:443 ssl ca-file ca-bundle.crt verifyhost production.packages.cloudpassage.com

    # /cloudpassage/cphalo-LATEST-win64.exe ===> https://packages.cloudpassage.com/windows/cphalo-4.2.2-win64.exe
    acl p_cpwin path_beg /cloudpassage/cphalo-LATEST-win
    http-request set-path %[path,regsub(/cloudpassage/cphalo-LATEST,/windows/cphalo-4.2.2)] if p_cpwin

    # /cloudpassage/cloudpassage.packages.key ===> https://packages.cloudpassage.com/cloudpassage.packages.key
    acl p_cpkey path /cloudpassage/cloudpassage.packages.key

    # NOTE(kgriffs): We should avoid proxying repo requests unless for some reason the customer
    #   refuses to open a route to packages.cloudpassage.com:443 in their firewall. That way, we
    #   aren't on the critical path each time someone does a yum update.
    #
    # /cloudpassage/debian/* ===> https://packages.cloudpassage.com/debian/*
    # /cloudpassage/redhat/* ===> https://packages.cloudpassage.com/redhat/*
    acl p_cprepo path_reg /cloudpassage/(debian|redhat)/

    http-request set-path %[path,regsub(/cloudpassage/,/)] if p_cpkey or p_cprepo

 backend my-backend
    balance roundrobin
    server app01 127.0.0.1:8080 check
    server app02 127.0.0.1:8080 check
	global
	ca-base /etc/ssl/certs

	log 127.0.0.1 local0
	daemon
	maxconn 256

	defaults
	mode http
	timeout connect 5000ms
	timeout client 50000ms
	timeout server 50000ms
	option forwardfor
	option http-server-close

	frontend packages
	bind *:80
	default_backend my-backend

	# /cloudpassage
	acl p_cloudpassage path_beg /cloudpassage/
	use_backend cloudpassage if p_cloudpassage

	backend cloudpassage
	server cloudpassage production.packages.cloudpassage.com:443 ssl ca-file ca-bundle.crt verifyhost production.packages.cloudpassage.com

	# /cloudpassage/cphalo-LATEST-win64.exe ===> https://packages.cloudpassage.com/windows/cphalo-4.2.2-win64.exe
	acl p_cpwin path_beg /cloudpassage/cphalo-LATEST-win
	http-request set-path %[path,regsub(/cloudpassage/cphalo-LATEST,/windows/cphalo-4.2.2)] if p_cpwin

	# /cloudpassage/cloudpassage.packages.key ===> https://packages.cloudpassage.com/cloudpassage.packages.key
	acl p_cpkey path /cloudpassage/cloudpassage.packages.key

	# NOTE(kgriffs): We should avoid proxying repo requests unless for some reason the customer
	# refuses to open a route to packages.cloudpassage.com:443 in their firewall. That way, we
	# aren't on the critical path each time someone does a yum update.
	#
	# /cloudpassage/debian/* ===> https://packages.cloudpassage.com/debian/*
	# /cloudpassage/redhat/* ===> https://packages.cloudpassage.com/redhat/*
	acl p_cprepo path_reg /cloudpassage/(debian\|redhat)/

	http-request set-path %[path,regsub(/cloudpassage/,/)] if p_cpkey or p_cprepo

	backend my-backend
	balance roundrobin
	server app01 127.0.0.1:8080 check
	server app02 127.0.0.1:8080 check