Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
- maxconn 4096
- tune.ssl.default-dh-param 4096
- # Default SSL material locations
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- # Default ciphers to use on SSL-enabled listening sockets.
- # For more information, see ciphers(1SSL). This list is from:
- # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
- ssl-default-bind-options no-sslv3
- defaults
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
- option httpclose
- option redispatch
- frontend public
- bind 0.0.0.0:80
- acl is_sbnet hdr_end(host) -i silverbucket.net
- acl is_sbnet hdr_end(host) -i www.silverbucket.net
- acl is_67p hdr_end(host) -i 67p.io
- acl is_67p hdr_end(host) -i www.67p.io
- acl is_shdemo hdr_end(host) -i demo.sockethub.org
- acl is_webfinger path_beg -i /.well-known
- redirect location https://silverbucket.net if is_sbnet
- use_backend webfinger if is_webfinger
- use_backend 67p if is_67p
- use_backend shdemo if is_shdemo
- default_backend sbnet
- frontend public-ssl
- bind 0.0.0.0:443 ssl crt /etc/haproxy/fullchain_priv.pem ciphers ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+RC4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
- acl is_sbnet hdr_end(host) -i silverbucket.net
- acl is_sbnet hdr_end(host) -i www.silverbucket.net
- acl is_67p hdr_end(host) -i 67p.io
- acl is_67p hdr_end(host) -i www.67p.io
- acl is_shdemo hdr_end(host) -i demo.sockethub.org
- acl is_webfinger path_beg -i /.well-known
- acl is_sockethub_path path_beg -i /sockethub
- use_backend sockethub if is_sockethub_path
- use_backend webfinger if is_webfinger
- use_backend sbnet if is_sbnet
- use_backend 67p if is_67p
- use_backend shdemo if is_shdemo
- default_backend sbnet
- backend sbnet
- timeout server 30s
- option httpclose
- option forwardfor
- server sbnet1 127.0.0.1:8083 #check
- backend 67p
- timeout server 30s
- option httpclose
- option forwardfor
- server sx1 127.0.0.1:8084 #check
- backend shdemo
- timeout server 30s
- option httpclose
- option forwardfor
- server sx1 127.0.0.1:8085 #check
- backend webfinger
- timeout server 30s
- option httpclose
- option forwardfor
- server wf1 127.0.0.1:9110
- backend sockethub
- timeout server 30s
- option httpclose
- option forwardfor
- #reqrep ^([^\ ]*)\ /sockethub/(.*) \1\ /\2
- reqrep ^([^\ ]*)\ /sockethub(.*) \1\ /sockethub\2
- server wf1 127.0.0.1:10550
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement