# Process-wide settings: logging, chroot, runtime socket, privilege drop, TLS defaults.
# NOTE(review): these are global-section keywords, but no `global` header line is
# visible in this listing; presumably it was lost when the file was extracted.

# Both log lines target the same socket and facility (local5); the second only caps
# the level at notice. Messages at notice or above are presumably sent twice;
# confirm whether the second line was meant to use a different facility.
log /dev/log local5
log /dev/log local5 notice
# Confine the process to this directory after startup.
chroot /var/lib/haproxy
# Runtime API socket at admin level: any local account that can write to it
# (mode 660 = owner and group) can change server state and other runtime settings.
# Keep the owning group small and treat membership as privileged access.
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
# Drop privileges to an unprivileged account.
user haproxy
group haproxy
# Process-wide ceiling on concurrent connections.
maxconn 10000
# intermediate configuration
# Disables SSLv3, TLS 1.0 and TLS 1.1, leaving TLS 1.2 and newer, and turns off
# TLS session tickets. The same options apply to listeners (bind) and to TLS
# connections towards servers (server).
# NOTE(review): no ssl-default-bind-ciphers / ssl-default-bind-ciphersuites line is
# visible here, so cipher selection presumably falls back to the TLS library
# defaults; confirm that matches the intended "intermediate" profile.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
# Diffie-Hellman parameters for DHE key exchange are loaded from this file.
ssl-dh-param-file /etc/ssl/dhparam-haproxy
# Defaults inherited by the proxies below: HTTP mode, logging, timeouts, error pages.
# NOTE(review): these are proxy-level keywords, but no `defaults` header line is
# visible in this listing; presumably it was lost when the file was extracted.

# Reuse the log targets declared in the global settings.
log global
mode http
option httplog
# Connections that close without exchanging any data are not logged. On an
# Internet-facing listener this also hides port scans and bare probes from the logs;
# review whether that loss of visibility is acceptable.
option dontlognull
timeout connect 1m
# NOTE(review): no `timeout http-request` or `timeout http-keep-alive` is visible, so
# a client that sends its request slowly is bounded only by the 200s client timeout.
# A short `timeout http-request` is the usual way to limit connection slots held by
# slow or idle clients.
timeout client 200s
timeout server 200s
# Per-proxy connection limit, kept below the global limit of 10000.
maxconn 9800
# Drop requests still waiting in queue when the client has already closed its side.
option abortonclose
# Static response files served for these HTTP status codes.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# Statistics web page, served over TLS on port 8088 of every local address.
# Access is controlled only by source IP: no `stats auth` line is visible, so anyone
# connecting from a listed address sees the page without credentials.
# NOTE(review): consider adding `stats auth`, or binding to a management address
# instead of `*`, so one allowlist file is not the only control.
listen stats
bind *:8088 ssl crt /etc/ssl/haproxy
stats enable
stats uri /
# Extra detail in the page (legends, node name); useful to operators and also to
# anyone who gets past the allowlist.
stats show-legends
stats show-node
# Reject every request whose source address is not in the access list. This rule
# applies to admin clients too, so an admin IP must appear in both files.
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
http-request deny if !stats_access_ips
# Clients from these addresses may also change server state from the page.
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
stats admin if stats_admin_ips
# Public frontend: plaintext HTTP on port 80 and TLS on port 443 (HTTP/2 or HTTP/1.1
# via ALPN), both routed to the same backend.
# NOTE(review): no redirect from http to https is visible in this frontend, so
# requests on port 80 reach the backend in clear text marked X-Forwarded-Proto: http.
# Confirm the backend enforces HTTPS, or add a redirect rule here.
frontend https
bind *:80
bind *:443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
# Adds an X-Forwarded-For header carrying the client address. No rule here removes an
# X-Forwarded-For header already sent by the client, so the backend should trust only
# the value added by this proxy.
option forwardfor
# Capture the requested domain (Host header) for the logs; only the first
# 32 characters are kept.
capture request header Host len 32
# set-header replaces any client-supplied X-Forwarded-Proto with the real scheme.
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
# acl letsencrypt path_dir -i /.well-known/acme-challenge
# use_backend letsencrypt if letsencrypt
# Maintenance mode (### -> uncomment to enable): once the use_backend line is
# active, every client whose source address is not in maintenance_ips is sent to
# the maintenance backend.
acl maintenance_ips src -f /etc/haproxy/maintenance_ips
### use_backend maintenance unless maintenance_ips
default_backend web
# Application backend: two servers, round-robin load balancing.
backend web
balance roundrobin
# With the HTTP check below commented out, `check` presumably performs only a TCP
# connect test; `observe layer7` additionally watches responses to live traffic.
#option httpchk HEAD /health-check
# NOTE(review): the address[:port] that normally follows the server name is not
# present on these lines; presumably it was stripped from the listing. Confirm
# against the deployed file.
server local81 check observe layer7
server local82 check observe layer7
# Backend for ACME challenge requests. It is unreferenced while the letsencrypt
# acl/use_backend lines in the frontend stay commented out.
backend letsencrypt
# NOTE(review): no address follows the server name here; presumably stripped from
# the listing. Confirm against the deployed file.
server adm
# Maintenance backend: it declares no servers, so requests routed here get the 503
# page below.
backend maintenance
# Requests handled here are not logged. Traffic that arrives during a maintenance
# window will therefore be missing from the access logs.
http-request set-log-level silent
errorfile 503 /etc/haproxy/errors/503.http