#--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats level admin #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- #frontend main *:5000 # acl url_static path_beg -i /static /images /javascript /stylesheets # acl url_static path_end -i .jpg .gif .png .css .js # # use_backend static if url_static # default_backend app #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- #backend static # balance roundrobin # server static 127.0.0.1:4331 check #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- #backend app # balance roundrobin # server app1 127.0.0.1:5001 check # server app2 127.0.0.1:5002 check # server app3 127.0.0.1:5003 check # server app4 127.0.0.1:5004 check listen stats bind *:8001 stats enable stats uri / stats refresh 5s #stats admin unless LOCALHOST #frontend web *:8000 # default_backend engine frontend web bind *:8000 ssl crt /etc/haproxy/easy-rsa/pki/private/dev01.dev.ententee.com.pem ca-file /etc/haproxy/easy-rsa/pki/ca.crt verify optional default_backend engine #backend engine # balance leastconn # stick-table type string size 1m expire 10m store http_req_rate(10m) # stick store-response hdr(sid) # stick match url_param(sid) # server engine01 172.22.6.1:7212 check # server engine02 172.22.6.2:7212 check backend engine balance leastconn #server engine01 167.86.111.195:443 check ssl verify none server engine01 127.0.0.1:4000 check http-request set-header Host zerx.ententee.com http-request set-header X-SSL %[ssl_fc] http-request set-header X-SSL-Client-DER %[ssl_c_der,hex] http-request set-header X-SSL-Client-Verify %[ssl_c_verify] http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex] http-request set-header X-SSL-Client-DN %{+Q}[ssl_c_s_dn] http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] http-request set-header X-SSL-Issuer %{+Q}[ssl_c_i_dn] http-request set-header X-SSL-Client-Not-Before %{+Q}[ssl_c_notbefore] http-request set-header X-SSL-Client-Serial %{+Q}[ssl_c_serial,hex] http-request set-header X-SSL-Client-Version %{+Q}[ssl_c_version]