- # Process-wide settings: run as a daemon, log to the local syslog socket, run as the haproxy user and group.
- global
- daemon
- #log /dev/log local0
- #log /dev/log local1 notice
- # Active log target: the /dev/log socket, facility "syslog", maximum level "debug".
- log /dev/log syslog debug
- pidfile /var/run/haproxy.pid
- # NOTE(review): with two processes each one keeps its own counters, so the page served by "listen MyStats" shows only the process that answered the request.
- # nbproc was removed in HAProxy 2.5 in favour of threads; confirm the target version.
- nbproc 2 #no of processes
- # Connection ceiling; applies per process.
- maxconn 128000
- user haproxy
- group haproxy
- # NOTE(review): no chroot directive appears in this section; consider confining the processes to an empty directory.
- # Settings inherited by the frontend, backend and listen sections that follow.
- defaults
- # Reuse the log target declared in the global section.
- log global
- option log-health-checks
- # make sure log-format is on a single line
- # NOTE(review): %r (the request line) is client-controlled and is placed between double quotes without escaping,
- # so a request containing a double quote can produce invalid or misleading JSON for whatever parses these logs.
- log-format {"type":"haproxy","timestamp":%Ts,"http_status":%ST,"http_request":"%r","remote_addr":"%ci","bytes_read":%B,"upstream_addr":"%si","backend_name":"%b","retries":%rc,"bytes_uploaded":%U,"upstream_response_time":"%Tr","upstream_connect_time":"%Tc","session_duration":"%Tt","termination_state":"%ts"}
- mode http
- # NOTE(review): "option httplog" is declared after log-format in the same section; HAProxy lets the later of the
- # two win, so the JSON format above is probably not in effect. Check the warnings printed by "haproxy -c -f <file>".
- option httplog
- option dontlognull
- option http-keep-alive
- # NOTE(review): http-tunnel follows http-keep-alive, and the later connection-mode option replaces the earlier one.
- # In tunnel mode only the first request of a connection is analysed, so later requests on the same connection are
- # not re-evaluated against the Host-based use_backend rules in "frontend http-in". Confirm this is intended;
- # the option is no longer supported by current HAProxy 2.x releases.
- option http-tunnel
- # Timeouts carry no unit suffix, so they are read as milliseconds (5 s connect, 50 s client and server).
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- # Static response files served for the listed HTTP status codes.
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
- # the 1.1.1.1 ip address in the acl's below is a BODGE
- # it's there to make the GO template script easier
- # and will be removed when things are stabilised
- # :)
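- # Plain-HTTP entry point on port 8080. Connections from addresses outside permitted_ip are
- # rejected; the rest are routed by Host header combined with a per-service source ACL.
- # There is no default_backend, so a request matching no rule is answered with a 503.
- frontend http-in
- bind *:8080
- # Connection-level allow-list, checked before any HTTP processing.
- # NOTE(review): 1.1.1.1 and the 10.0.2.x addresses used in the per-service ACLs below are not
- # listed here, so those clients are rejected before routing is reached. Confirm the two lists agree.
- acl permitted_ip src 10.0.0.1 10.0.0.2 81.157.241.158 80.4.177.237 81.150.38.177
- tcp-request inspect-delay 5s
- tcp-request connection reject if !permitted_ip
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl amazon_GB_users src 1.1.1.1 10.0.2.3 10.0.0.1
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl hulu_GB_users src 1.1.1.1
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl netflix_GB_users src 1.1.1.1
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl wtf_GB_users src 1.1.1.1 81.150.38.177 80.4.177.237
- # Fix: inside an anonymous ACL every word after the flags is a pattern, so "AND <acl_name>" within
- # the braces was compared with the Host header and the source ACL was never evaluated. That let any
- # permitted client reach the first backend listed for a host. The named ACL now follows the closing
- # brace; conditions written side by side are ANDed implicitly.
- # NOTE(review): the hulu_* ACLs are paired with amazon.com and the netflix_* ACLs with hulu.com.
- # The pairing is kept as found; check it against the template that generates this file.
- use_backend GB_server_80 if { req.hdr(host) -i amazon.com } amazon_GB_users
- use_backend GB_server_80 if { req.hdr(host) -i amazon.com } hulu_GB_users
- use_backend GB_server_80 if { req.hdr(host) -i hulu.com } netflix_GB_users
- use_backend GB_server_80 if { req.hdr(host) -i www.wtfismyip.com } wtf_GB_users
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl amazon_US_users src 1.1.1.1 10.0.2.1 10.0.2.2
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl hulu_US_users src 1.1.1.1 10.0.2.1 10.0.2.2
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl netflix_US_users src 1.1.1.1 10.0.0.1 10.0.0.2
- # this should really be multiple acl statements. large counts may overflow line buffer
- acl wtf_US_users src 1.1.1.1 81.157.241.158
- # Rules are evaluated in order and the first match wins, so an address present in both a GB and a
- # US list for the same host is sent to the GB backend.
- use_backend US_server_80 if { req.hdr(host) -i amazon.com } amazon_US_users
- use_backend US_server_80 if { req.hdr(host) -i amazon.com } hulu_US_users
- use_backend US_server_80 if { req.hdr(host) -i hulu.com } netflix_US_users
- use_backend US_server_80 if { req.hdr(host) -i www.wtfismyip.com } wtf_US_users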
- # HTTP backend selected by the "use_backend GB_server_80" rules in frontend http-in.
- backend GB_server_80
- # Single upstream; "check" enables periodic health checks against it.
- # NOTE(review): the server line has no ssl keyword, so requests are forwarded as plain HTTP. Confirm the network path to this address is trusted.
- server GB_server_80_0 46.101.6.173:8080 check
- # HTTP backend selected by the "use_backend US_server_80" rules in frontend http-in.
- backend US_server_80
- # Single upstream; "check" enables periodic health checks against it.
- # NOTE(review): the server line has no ssl keyword, so requests are forwarded as plain HTTP. Confirm the network path to this address is trusted.
- server US_server_80_0 107.170.60.217:8080 check
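- # TLS pass-through entry point on port 8443 (mode tcp, nothing is decrypted here). Connections from
- # addresses outside permitted_ip are rejected; the rest are routed by the SNI name in the
- # ClientHello combined with a per-service source ACL. There is no default_backend, so a
- # connection matching no rule has nowhere to go and is refused.
- frontend https-in
- bind *:8443
- mode tcp
- option tcplog
- log global
- # Connection-level allow-list, checked before any content inspection.
- # NOTE(review): 1.1.1.1 and the 10.0.2.x addresses used in the per-service ACLs below are not
- # listed here, so those clients are rejected before routing is reached. Confirm the two lists agree.
- acl permitted_ip src 10.0.0.1 10.0.0.2 81.157.241.158 80.4.177.237 81.150.38.177
- # Wait up to 5 s for the ClientHello so that the SNI name is available to the rules below.
- tcp-request inspect-delay 5s
- tcp-request connection reject if !permitted_ip
- tcp-request content accept if { req_ssl_hello_type 1 }
- acl amazon_GB_users src 1.1.1.1 10.0.2.3 10.0.0.1
- acl hulu_GB_users src 1.1.1.1
- acl netflix_GB_users src 1.1.1.1
- acl wtf_GB_users src 1.1.1.1 81.150.38.177 80.4.177.237
- # Fix: inside an anonymous ACL every word after the flags is a pattern, so "AND <acl_name>" within
- # the braces was compared with the SNI value and the source ACL was never evaluated. That let any
- # permitted client reach the first backend listed for a name. The named ACL now follows the closing
- # brace; conditions written side by side are ANDed implicitly.
- # NOTE(review): the hulu_* ACLs are paired with amazon.com and the netflix_* ACLs with hulu.com.
- # The pairing is kept as found; check it against the template that generates this file.
- # NOTE(review): SNI is supplied by the client and is not validated in this section; the source ACL
- # is the only access decision made.
- use_backend GB_server_443 if { req_ssl_sni -i amazon.com } amazon_GB_users
- use_backend GB_server_443 if { req_ssl_sni -i amazon.com } hulu_GB_users
- use_backend GB_server_443 if { req_ssl_sni -i hulu.com } netflix_GB_users
- use_backend GB_server_443 if { req_ssl_sni -i www.wtfismyip.com } wtf_GB_users
- acl amazon_US_users src 1.1.1.1 10.0.2.1 10.0.2.2
- acl hulu_US_users src 1.1.1.1 10.0.2.1 10.0.2.2
- acl netflix_US_users src 1.1.1.1 10.0.0.1 10.0.0.2
- acl wtf_US_users src 1.1.1.1 81.157.241.158
- # Rules are evaluated in order and the first match wins, so an address present in both a GB and a
- # US list for the same name is sent to the GB backend.
- use_backend US_server_443 if { req_ssl_sni -i amazon.com } amazon_US_users
- use_backend US_server_443 if { req_ssl_sni -i amazon.com } hulu_US_users
- use_backend US_server_443 if { req_ssl_sni -i hulu.com } netflix_US_users
- use_backend US_server_443 if { req_ssl_sni -i www.wtfismyip.com } wtf_US_users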
- # TCP backend selected by the "use_backend GB_server_443" rules in frontend https-in.
- backend GB_server_443
- log global
- # mode tcp: the stream is relayed as-is; the server line has no ssl keyword, so HAProxy does not terminate or re-encrypt TLS here.
- mode tcp
- # Single upstream; "check" enables periodic health checks against it.
- server GB_server_443_0 46.101.6.173:8443 check
- # TCP backend selected by the "use_backend US_server_443" rules in frontend https-in.
- backend US_server_443
- log global
- # mode tcp: the stream is relayed as-is; the server line has no ssl keyword, so HAProxy does not terminate or re-encrypt TLS here.
- mode tcp
- # Single upstream; "check" enables periodic health checks against it.
- server US_server_443_0 107.170.60.217:8443 check
- # Built-in statistics page, served at "/" on port 1000 and protected by HTTP basic auth.
- listen MyStats
- mode http
- # NOTE(review): bound on every interface with no source-address ACL, unlike the two frontends,
- # which reject clients outside permitted_ip. The bind line has no ssl keyword, so the basic-auth
- # credentials cross the network in cleartext. Consider binding to a management address or adding a source restriction.
- bind 0.0.0.0:1000
- stats enable
- stats uri /
- stats refresh 5s
- stats show-node
- stats show-legends
- # if authentication is wanted
- # Requests must authenticate against the "stats-auth" userlist; anything else gets an auth challenge.
- acl auth_ok http_auth(stats-auth)
- http-request auth unless auth_ok
- # Accounts accepted by http_auth(stats-auth) in "listen MyStats".
- userlist stats-auth
- # NOTE(review): insecure-password stores the password in cleartext in this file, and the value is short.
- # A credential that has appeared in a shared copy of the config should be treated as exposed and rotated.
- # The "password" keyword accepts a crypt(3) hash in place of the cleartext value.
- user admin insecure-password p4ss
- root@16049e6556cb:/etc/haproxy#