Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@app config]# cat haproxy.cfg
- global
- log 127.0.0.1 local2
- lua-load /usr/local/etc/haproxy/acme-http01-webroot.lua
- chroot /jail
- ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL;
- tune.ssl.default-dh-param 4096
- defaults
- mode http
- timeout connect 5000ms
- timeout client 50000ms
- timeout server 50000ms
- option tcplog
- option forwardfor
- option http-server-close
- frontend http-in
- bind *:80
- mode http
- acl url_acme_http01 path_beg /.well-known/acme-challenge/
- http-request use-service lua.acme-http01 if METH_GET url_acme_http01
- redirect scheme https code 301 if !{ ssl_fc }
- frontend ft_ssl_vip
- mode http
- bind *:443 ssl crt /usr/local/etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11
- rspadd Strict-Transport-Security:\ max-age=15768000
- use_backend testproxy_backend if { ssl_fc_sni testproxy.test.com }
- use_backend jira_backend if { ssl_fc_sni jira.test.com }
- backend testproxy_backend
- mode http
- server Proxy-Handler handler:80 check
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- backend jira_backend
- mode http
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- server Local 192.168.19.40:8443 check
- frontend stats
- bind :1936
- mode http
- maxconn 1
- stats uri /
Advertisement
Add Comment
Please, Sign In to add comment
