Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- log 127.0.0.1 local0 debug
- chroot /var/lib/haproxy
- stats socket /var/lib/haproxy/admin.sock level admin
- pidfile /var/lib/haproxy/pid
- stats timeout 30s
- daemon
- tune.ssl.default-dh-param 2048
- ssl-server-verify none
- crt-base /etc/ssl/certs/
- defaults
- log global
- option tcplog
- option http-server-close
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- frontend stats
- bind *:9999
- mode http
- stats enable
- stats refresh 30s
- stats show-node
- stats auth admin:admin
- stats show-desc Super Awesome Stats Page! YAY!
- stats uri /haproxy?stats
- frontend http_front
- bind *:80
- default_backend http_back
- mode http
- # Placeholder with funny page. Do we need to redirect to pt 443?
- frontend https_Main
- bind *:443
- mode tcp
- mode tcp
- tcp-request inspect-delay 5s
- tcp-request content accept if { req_ssl_hello_type 1 }
- use_backend %[req.ssl_sni,lower,map_dom(/etc/haproxy/sni2backend.map,nonSNIhttps_back)]
- # Check the mapping for sni headers. If SNI info not fount, go to nonSNIhttps_back->nonSNIhttps_front
- frontend nonSNIhttps_front
- bind 127.0.0.1:9443 ssl crt test01.pem crt test02.pem
- mode http
- option forwardfor
- use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/domain2backend.map,http_back)]
- # This is the fallback to look for certs. If the domain is not found in the main FrontEnd, look here
- backend nonSNIhttps_back
- mode tcp
- server nonSNIhttps_front 127.0.0.1:9443 check check-ssl
- backend http_back
- mode http
- server localhost 127.0.0.1:9998 check
- backend test01
- mode http
- server test01 172.20.0.141:80 check
- backend test02
- mode http
- server test02 172.20.0.142:80 check
- backend dev42
- mode tcp
- server dev42 172.20.0.42:443 check
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement