forked from cmather/html5devconf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhaproxy.cfg
58 lines (53 loc) · 2.39 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# configuration for haproxy, a load balancer
# lives in: /etc/haproxy/haproxy.cfg
# very basic config that load balances port 80 to 8080 on the backend servers
global
daemon
maxconn 15000 # Max simultaneous connections from an upstream server
spread-checks 5 # Distribute health checks with some randomness
defaults
mode http
option abortonclose # abort request if client closes output channel while waiting
#option httpclose # add "Connection:close" header if it is missing
option http-server-close # (better according to https://tech.shareaholic.com/2012/10/26/haproxy-a-substitute-for-amazon-elb/)
option forwardfor # insert x-forwarded-for header so that app servers can see both proxy and client IPs
option redispatch # any server can handle any session - redistribute connections if a backend server goes down
timeout client 60s
timeout connect 9s
timeout server 30s
timeout check 5s
stats enable
stats uri /haproxy-stats #web frontend available at *:80/haproxy-stats
stats realm Haproxy\ Statistics
stats auth user:password
monitor-uri /haproxy-monitor # Returns 200 if we're up; real path redacted
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http-in
bind *:80
reqadd X-Forwarded-Proto:\ http
default_backend servers
frontend ssl-http-in
bind *:443 ssl crt /etc/ssl/somekey.pemkey
reqadd X-Forwarded-Proto:\ https
default_backend servers
backend servers
redirect scheme https if !{ ssl_fc }
balance leastconn
cookie SERVERID insert indirect nocache maxidle 1h
option httpchk HEAD /index.html HTTP/1.0\r\nUser-Agent:\ HAProxy01
rspadd Access-Control-Allow-Origin:\ *
#
# Add a header for IE to bypass any compatibility mode settings.
rspadd X-UA-Compatible:IE=edge,chrome=1
# enumerate our running web instances, they should look like the line below:
# server webA 172.31.11.211:8080 cookie A check maxconn 5000
# Note: these are populated automatically from a template any time
# a new web server is brought online or taken out of the pool
server i-637caa68 11.0.0.1:8080 cookie i-637caa68 check maxconn 5000
server i-e17aacea 11.0.0.2:8080 cookie i-e17aacea check maxconn 5000