Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- # log on 127.0.0.1 udp port 514 (def.) using local0
- log 127.0.0.1 local2
- maxconn 30000
- user haproxy
- group haproxy
- daemon
- nbproc 1
- pidfile /var/run/haproxy.pid
- stats socket /var/run/socket-haproxy
- tune.ssl.default-dh-param 1024
- defaults
- log global
- mode http
- option httplog
- option http-server-close
- option redispatch
- #option accept-invalid-http-request
- timeout client 60s
- timeout server 60s
- timeout connect 20s
- timeout http-keep-alive 15s
- timeout http-request 60s
- #
- # Stats
- #
- stats enable
- stats uri /stats
- stats realm Haproxy\ Statistics
- stats auth CENSOR:CENSORED
- stats refresh 10s
- frontend https_frontend
- bind *:443 ssl crt /etc/ssl/certs/cw_policy_server_cert_plus_key.pem ciphers AES128-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK no-sslv3 verify optional crt-ignore-err all ca-file /etc/ssl/certs/cw_client_ca.pem
- # Full compat TEST
- # bind *:443 ssl crt /etc/ssl/certs/cw_policy_server_cert_plus_key.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ecdhe secp384r1
- mode http
- option httpclose
- option forwardfor
- http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex]
- reqadd X-Forwarded-Proto:\ https
- default_backend http_policy_server
- frontend http_frontend
- bind *:80
- mode http
- option httpclose
- option forwardfor
- default_backend http_policy_server
- backend http_policy_server
- mode http
- #option httplog
- balance leastconn
- server policy1 10.3.3.3:80
- server policy2 10.3.3.3:80
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement