ajout de haproxy
parent
9db7f52caa
commit
0233bffd50
86
haproxy.cfg
Normal file
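--- /dev/null
+++ b/haproxy.cfg
@@ -0,0 +1,86 @@
+global
+log /dev/log local5
+log /dev/log local5 notice
+chroot /var/lib/haproxy
+stats socket /run/haproxy/admin.sock mode 660 level admin
+stats timeout 30s
+user haproxy
+group haproxy
+daemon
+maxconn 10000
+
+# intermediate configuration https://ssl-config.mozilla.org/
+ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+
+ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+
+ssl-dh-param-file /etc/ssl/dhparam-haproxy
+
+defaults
+log global
+mode http
+option httplog
+option dontlognull
+timeout connect 1m
+timeout client 200s
+timeout server 200s
+
+maxconn 9800
+
+option abortonclose
+
+errorfile 400 /etc/haproxy/errors/400.http
+errorfile 403 /etc/haproxy/errors/403.http
+errorfile 408 /etc/haproxy/errors/408.http
+errorfile 500 /etc/haproxy/errors/500.http
+errorfile 502 /etc/haproxy/errors/502.http
+errorfile 503 /etc/haproxy/errors/503.http
+errorfile 504 /etc/haproxy/errors/504.http
+
+listen stats
+bind *:8088 ssl crt /etc/ssl/haproxy
+
+stats enable
+stats uri /
+stats show-legends
+stats show-node
+
+acl stats_access_ips src -f /etc/haproxy/stats_access_ips
+http-request deny if !stats_access_ips
+
+acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
+stats admin if stats_admin_ips
+
+frontend https
+bind *:80
+bind *:443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
+
+option forwardfor
+# capture du domaine demandé pour les logs
+capture request header Host len 32
+
+reqadd X-Forwarded-Proto:\ https
+
+# acl letsencrypt path_dir -i /.well-known/acme-challenge
+# use_backend letsencrypt if letsencrypt
+
+# Mode maintenance (### -> à décommenter)
+acl maintenance_ips src -f /etc/haproxy/maintenance_ips
+### use_backend maintenance unless maintenance_ips
+
+default_backend web
+
+backend web
+balance roundrobin
+#option httpchk HEAD /health-check
+server local81 127.0.0.1:81 check observe layer7
+server local82 127.0.0.1:82 check observe layer7
+
+backend letsencrypt
+server adm 192.168.3.2
+
+backend maintenance
+http-request set-log-level silent
+errorfile 503 /etc/haproxy/errors/503.http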
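Review bot: In `frontend https`, `reqadd X-Forwarded-Proto:\ https` applies to every request, including those arriving on the cleartext `bind *:80`, so the backends are told a plain-HTTP request was secure. Because `reqadd` only appends, a client-supplied X-Forwarded-Proto header is also passed through next to it. Nothing in the section redirects port 80 to TLS, so I would replace the line with `http-request redirect scheme https unless { ssl_fc }` followed by `http-request set-header X-Forwarded-Proto https`, which overwrites any client value. If the commented-out letsencrypt ACL is re-enabled, its path has to be exempted from that redirect. `reqadd` was also removed in HAProxy 2.1, so this file would not load on a current release.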