uncelvel · July 23, 2025 03:17
diff --git a/gistfile1.txt b/gistfile1.txt
 global
    #log 127.0.0.1 local0
    maxconn 32000
    user root
    group root
    stats timeout 30s
    tune.ssl.default-dh-param 2048
    ssl-default-bind-options ssl-min-ver TLSv1.2
    ssl-server-verify none
    tune.ssl.cachesize 100000
    tune.ssl.lifetime 600
    #Support TLS1.0-TLS1.3
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    daemon

 defaults
    #log global
    mode http
    option http-server-close
    #log stdout local0
    #log fd@1 local0
    #log stdout format raw local0
    option  dontlognull
    option httplog
    retries 3
    option redispatch
    #http-reuse always
    timeout http-request 10s
    timeout connect 5s
    timeout server 15m
    timeout client 15m
    timeout http-keep-alive 30s
    option forwardfor

 frontend http_in
    option httplog
    log stdout local1 info
    capture request header Referer len 200
    capture request header User-Agent len 200
    capture request header Host len 40
    capture request header request_id len 40
    capture request header ismobileapp len 40
    log-format '{"lt": "haproxy","full_url": "%HU","rt": "%Tr","st": "%ST","mt": "%HM","rmip": "%ci","rip": "%ci","bbs": "%B", "rf": "%[capture.req.hdr(0),json(utf8s)]", "ua": "%[capture.req.hdr(1),json(utf8s)]","host": "%[capture.req.hdr(2),json(utf8s)]","sn": "%H","tl": "%tr","rid": "%[capture.req.hdr(3),json(utf8s)]","imb": "%[capture.req.hdr(4),json(utf8s)]","haproxy":{"conn":{"act":"%ac","fe":"%fc","be":"%bc","srv":"%sc"}},"queue":{"backend":"%bq","srv":"%sq"},"backend_name": "%b"}'
    mode http
    bind :80 tfo
    http-request add-header X-Forwarded-Proto http
    acl https ssl_fc

    default_backend fpt-k8s-nodeport

 frontend https_in
    option httplog
    log stdout local1 info
    capture request header Referer len 200
    capture request header User-Agent len 200
    capture request header Host len 40
    capture request header request_id len 40
    capture request header ismobileapp len 40
    log-format '{"lt": "haproxy","full_url": "%HU","rt": "%Tr","st": "%ST","mt": "%HM","rmip": "%ci","rip": "%ci","bbs": "%B", "rf": "%[capture.req.hdr(0),json(utf8s)]", "ua": "%[capture.req.hdr(1),json(utf8s)]","host": "%[capture.req.hdr(2),json(utf8s)]","sn": "%H","tl": "%tr","rid": "%[capture.req.hdr(3),json(utf8s)]","imb": "%[capture.req.hdr(4),json(utf8s)]","haproxy":{"conn":{"act":"%ac","fe":"%fc","be":"%bc","srv":"%sc"}},"queue":{"backend":"%bq","srv":"%sq"},"backend_name": "%b"}'
    mode http
    bind :443 tfo ssl crt /opt/ssl/evisa.pem alpn h2,http/1.1
    timeout client 300s
    http-request add-header X-Forwarded-Proto https
    http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;

    default_backend k8s-nodeport

 backend k8s-nodeport
    balance leastconn
    mode    http
    timeout server 600s
    option  httpclose
    http-request set-header X-Real-IP %[src]
    # Backend Physical VMware
    server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 36
    server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 36
    # Backend OCN
    server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 12
    server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 12

 listen stats
    bind 0.0.0.0:8382
    http-request use-service prometheus-exporter if { path /metrics }
    mode http
    stats enable
    stats hide-version
    stats realm HAproxy-Statistics
    stats uri /ha-stats
    stats auth admin:lady_bug
    stats refresh 10s
	global
	#log 127.0.0.1 local0
	maxconn 32000
	user root
	group root
	stats timeout 30s
	tune.ssl.default-dh-param 2048
	ssl-default-bind-options ssl-min-ver TLSv1.2
	ssl-server-verify none
	tune.ssl.cachesize 100000
	tune.ssl.lifetime 600
	#Support TLS1.0-TLS1.3
	ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	daemon

	defaults
	#log global
	mode http
	option http-server-close
	#log stdout local0
	#log fd@1 local0
	#log stdout format raw local0
	option dontlognull
	option httplog
	retries 3
	option redispatch
	#http-reuse always
	timeout http-request 10s
	timeout connect 5s
	timeout server 15m
	timeout client 15m
	timeout http-keep-alive 30s
	option forwardfor

	frontend http_in
	option httplog
	log stdout local1 info
	capture request header Referer len 200
	capture request header User-Agent len 200
	capture request header Host len 40
	capture request header request_id len 40
	capture request header ismobileapp len 40
	log-format '{"lt": "haproxy","full_url": "%HU","rt": "%Tr","st": "%ST","mt": "%HM","rmip": "%ci","rip": "%ci","bbs": "%B", "rf": "%[capture.req.hdr(0),json(utf8s)]", "ua": "%[capture.req.hdr(1),json(utf8s)]","host": "%[capture.req.hdr(2),json(utf8s)]","sn": "%H","tl": "%tr","rid": "%[capture.req.hdr(3),json(utf8s)]","imb": "%[capture.req.hdr(4),json(utf8s)]","haproxy":{"conn":{"act":"%ac","fe":"%fc","be":"%bc","srv":"%sc"}},"queue":{"backend":"%bq","srv":"%sq"},"backend_name": "%b"}'
	mode http
	bind :80 tfo
	http-request add-header X-Forwarded-Proto http
	acl https ssl_fc

	default_backend fpt-k8s-nodeport

	frontend https_in
	option httplog
	log stdout local1 info
	capture request header Referer len 200
	capture request header User-Agent len 200
	capture request header Host len 40
	capture request header request_id len 40
	capture request header ismobileapp len 40
	log-format '{"lt": "haproxy","full_url": "%HU","rt": "%Tr","st": "%ST","mt": "%HM","rmip": "%ci","rip": "%ci","bbs": "%B", "rf": "%[capture.req.hdr(0),json(utf8s)]", "ua": "%[capture.req.hdr(1),json(utf8s)]","host": "%[capture.req.hdr(2),json(utf8s)]","sn": "%H","tl": "%tr","rid": "%[capture.req.hdr(3),json(utf8s)]","imb": "%[capture.req.hdr(4),json(utf8s)]","haproxy":{"conn":{"act":"%ac","fe":"%fc","be":"%bc","srv":"%sc"}},"queue":{"backend":"%bq","srv":"%sq"},"backend_name": "%b"}'
	mode http
	bind :443 tfo ssl crt /opt/ssl/evisa.pem alpn h2,http/1.1
	timeout client 300s
	http-request add-header X-Forwarded-Proto https
	http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;

	default_backend k8s-nodeport

	backend k8s-nodeport
	balance leastconn
	mode http
	timeout server 600s
	option httpclose
	http-request set-header X-Real-IP %[src]
	# Backend Physical VMware
	server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 36
	server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 36
	# Backend OCN
	server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 12
	server 1.1.1.1 1.1.1.1:31080 check inter 2s rise 3 fall 3 weight 12

	listen stats
	bind 0.0.0.0:8382
	http-request use-service prometheus-exporter if { path /metrics }
	mode http
	stats enable
	stats hide-version
	stats realm HAproxy-Statistics
	stats uri /ha-stats
	stats auth admin:lady_bug
	stats refresh 10s