haproxy config with better names
This commit is contained in:
parent
0b1ce5e35d
commit
d81d0a7307
|
@ -144,7 +144,7 @@ frontend external
|
|||
|
||||
http-response add-header X-Boost-Step1 "haproxy-external; client-https" if { ssl_fc }
|
||||
http-response add-header X-Boost-Step1 "haproxy-external; client-http" if !{ ssl_fc }
|
||||
http-response set-header X-Boost-Server {{ ansible_hostname }}
|
||||
http-response set-header X-Boost-Server my-hostname
|
||||
|
||||
# Debug: Enable this to add a full log line in the response
|
||||
### http-response add-header X-Haproxy-Log-external "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
|
||||
|
@ -160,15 +160,15 @@ frontend external
|
|||
use_backend letsencrypt if letsencrypt
|
||||
|
||||
# BEGIN frontend_external section for site 'example'
|
||||
acl example_domains hdr(host) -i example.com
|
||||
acl example_domains2 hdr(host) -i example.org www.example.org
|
||||
acl example_com_domains hdr(host) -i example.com
|
||||
acl example_com_domains2 hdr(host) -i example.org www.example.org
|
||||
### acl example_maintenance_ips src -f /etc/haproxy/example/maintenance_ips
|
||||
|
||||
# Redirect to HTTPS without Let's Encrypt certificate
|
||||
### redirect scheme https code 301 if example_domains !{ ssl_fc }
|
||||
### redirect scheme https code 301 if example_com_domains !{ ssl_fc }
|
||||
|
||||
# Redirect to HTTPS with Let's Encrypt certificate (exclude LE challenge from redirection)
|
||||
### redirect scheme https code 301 if example_domains !{ ssl_fc } !letsencrypt
|
||||
### redirect scheme https code 301 if example_com_domains !{ ssl_fc } !letsencrypt
|
||||
|
||||
# Redirect a domain to another without Let's encrypt certificate
|
||||
### redirect prefix https://example-to.org code 301 if { hdr(host) -i example-from.org }
|
||||
|
@ -177,20 +177,20 @@ frontend external
|
|||
### redirect prefix https://example-to.org code 301 if { hdr(host) -i example-from.org } !letsencrypt
|
||||
|
||||
# HSTS (31536000 seconds = 1 year)
|
||||
### http-response set-header Strict-Transport-Security max-age=31536000 if example_domains
|
||||
### http-response set-header Strict-Transport-Security max-age=31536000 if example_com_domains
|
||||
|
||||
# custom directives, all conditionned by at least the "example_domains" ACL
|
||||
### http-request deny if example_domains { src 1.2.3.4 }
|
||||
# custom directives, all conditionned by at least the "example_com_domains" ACL
|
||||
### http-request deny if example_com_domains { src 1.2.3.4 }
|
||||
|
||||
# routing directives, all conditionned by (at least) the "example_domains" ACL
|
||||
# routing directives, all conditionned by (at least) the "example_com_domains" ACL
|
||||
# Maintenance mode (### -> uncomment BUT define example_maintenance_ips acl before)
|
||||
### use_backend example_maintenance if example_domains !example_maintenance_ips !maintenance_ips
|
||||
### use_backend example_maintenance if example_com_domains !example_maintenance_ips !maintenance_ips
|
||||
|
||||
# Use Varnish if available
|
||||
use_backend varnish if example_domains varnish_available varnish_http_verb
|
||||
use_backend varnish if example_com_domains varnish_available varnish_http_verb
|
||||
|
||||
# … or use normal backend
|
||||
use_backend example if example_domains
|
||||
use_backend example_com if example_com_domains
|
||||
# END frontend_external section for site 'example'
|
||||
|
||||
default_backend goto_internal
|
||||
|
@ -228,10 +228,10 @@ frontend internal
|
|||
# END HTTP tagging
|
||||
|
||||
# BEGIN frontend_internal section for site 'example'
|
||||
acl example_domains hdr(host) -i example.com
|
||||
acl example_com_domains hdr(host) -i example.com
|
||||
|
||||
# routing directives, all conditionned by (at least) the "example_domains" ACL
|
||||
use_backend example if example_domains
|
||||
# routing directives, all conditionned by (at least) the "example_com_domains" ACL
|
||||
use_backend example_com if example_com_domains
|
||||
# END frontend_internal section for site 'example'
|
||||
|
||||
|
||||
|
@ -240,7 +240,7 @@ backend varnish
|
|||
server varnish_sock /run/varnish.sock check observe layer7 maxconn 3000 inter 1s send-proxy-v2
|
||||
|
||||
# BEGIN backend section for site 'example'
|
||||
backend example
|
||||
backend example_com
|
||||
errorfile 503 /etc/haproxy/sites/example/maintenance.http
|
||||
http-response set-header X-Boost-Proto https if { ssl_bc }
|
||||
http-response set-header X-Boost-Proto http if !{ ssl_bc }
|
||||
|
|
Loading…
Reference in a new issue