API tools faq
paste
Advertisement
Guest User

HAProxy Config Failed Clients

a guest
Feb 23rd, 2015
56
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.00 KB | None | 0 0
raw download clone embed print report
  1. global
  2. # log on 127.0.0.1 udp port 514 (def.) using local0
  3. log 127.0.0.1 local2
  4. maxconn 30000
  5. user haproxy
  6. group haproxy
  7. daemon
  8. nbproc 1
  9. pidfile /var/run/haproxy.pid
  10. stats socket /var/run/socket-haproxy
  11. tune.ssl.default-dh-param 1024
  12.  
  13. defaults
  14. log global
  15. mode http
  16. option httplog
  17. option http-server-close
  18. option redispatch
  19. #option accept-invalid-http-request
  20. timeout client 60s
  21. timeout server 60s
  22. timeout connect 20s
  23. timeout http-keep-alive 15s
  24. timeout http-request 60s
  25.  
  26. #
  27. # Stats
  28. #
  29. stats enable
  30. stats uri /stats
  31. stats realm Haproxy\ Statistics
  32. stats auth CENSOR:CENSORED
  33. stats refresh 10s
  34.  
  35. frontend https_frontend
  36. bind *:443 ssl crt /etc/ssl/certs/cw_policy_server_cert_plus_key.pem ciphers AES128-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK no-sslv3 verify optional crt-ignore-err all ca-file /etc/ssl/certs/cw_client_ca.pem
  37. # Full compat TEST
  38. # bind *:443 ssl crt /etc/ssl/certs/cw_policy_server_cert_plus_key.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ecdhe secp384r1
  39. mode http
  40. option httpclose
  41. option forwardfor
  42. http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex]
  43. reqadd X-Forwarded-Proto:\ https
  44. default_backend http_policy_server
  45.  
  46. frontend http_frontend
  47. bind *:80
  48. mode http
  49. option httpclose
  50. option forwardfor
  51. default_backend http_policy_server
  52.  
  53. backend http_policy_server
  54. mode http
  55. #option httplog
  56. balance leastconn
  57. server policy1 10.3.3.3:80
  58. server policy2 10.3.3.3:80
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!