Skip to content

Instantly share code, notes, and snippets.

@vothanhkiet
Forked from christiannelson/haproxy-ssl.cfg
Created February 16, 2016 05:11
Show Gist options
  • Save vothanhkiet/ec9181a6473c99529567 to your computer and use it in GitHub Desktop.
Save vothanhkiet/ec9181a6473c99529567 to your computer and use it in GitHub Desktop.
HAProxy Configurations
# References:
# http://blog.mixu.net/2011/08/13/nginx-websockets-ssl-and-socket-io-deployment/
# http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
#
global
nbproc 2
maxconn 16384
defaults
maxconn 16384
timeout connect 5s
timeout queue 5s
timeout server 30s
timeout tunnel 1h
frontend www
bind 0.0.0.0:80
mode http
timeout client 5s
redirect scheme https if !{ ssl_fc }
frontend wwws
bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
timeout client 1h
default_backend www_backend
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend websocket_backend if is_websocket
tcp-request inspect-delay 500ms
tcp-request content accept if HTTP
use_backend flashsocket_backend if !HTTP
frontend flash_policy
bind 0.0.0.0:843
timeout client 5s
default_backend nodejs_flashpolicy
backend www_backend
mode http
stats enable
stats uri /haproxy
option forwardfor
reqadd x-forwarded-proto:\ https
server server1 www-backend:3000 weight 1 maxconn 16384 check
backend websocket_backend
mode http
option forwardfor
option http-server-close
option forceclose
no option httpclose
server server1 socket-backend:3000 weight 1 maxconn 16384 check
backend flashsocket_backend
server server1 socket-backend:3000 weight 1 maxconn 16384 check
backend nodejs_flashpolicy
server server1 www-backend:10843 maxconn 16384 check
# References:
# http://blog.mixu.net/2011/08/13/nginx-websockets-ssl-and-socket-io-deployment/
#
global
nbproc 1
maxconn 65536
defaults
timeout connect 5s
timeout queue 5s
timeout server 30s
timeout tunnel 1h
frontend flash_policy
bind 0.0.0.0:843
timeout client 5s
default_backend nodejs_flashpolicy
frontend wwws
bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
mode http
timeout client 5s
redirect prefix http://ovee.itvs.org
frontend www
bind 0.0.0.0:80
timeout client 1h
default_backend www_backend
# Is it a web or flash socket?
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend websocket_backend if is_websocket
tcp-request inspect-delay 500ms
tcp-request content accept if HTTP
use_backend flashsocket_backend if !HTTP
backend nodejs_flashpolicy
server server1 backend:10843 maxconn 8192 check
backend www_backend
mode http
stats enable
stats uri /haproxy
option forwardfor
server server1 backend:3000 weight 1 maxconn 8192 check
backend websocket_backend
mode http
option forwardfor
option http-server-close
option forceclose
no option httpclose
server server1 backend:3000 weight 1 maxconn 8192 check
backend flashsocket_backend
server server1 backend:3000 weight 1 maxconn 8192 check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment