Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #---------------------------------------------------------------------
- # Global settings
- #---------------------------------------------------------------------
- global
- #log 127.0.0.1 local2 debug #Log configuration
- log 127.0.0.1 local2
- pidfile /var/run/haproxy.pid
- maxconn 4000
- nbproc 2
- cpu-map 1 0
- cpu-map 2 1
- user haproxy #Haproxy running under user and group "haproxy"
- group haproxy
- daemon
- # turn on stats unix socket
- stats socket /var/lib/haproxy/stats
- #---------------------------------------------------------------------
- # common defaults that all the 'listen' and 'backend' sections will
- # use if not designated in their block
- #---------------------------------------------------------------------
- defaults
- mode http
- log 127.0.0.1 local2
- log global
- option httplog
- option dontlognull
- option http-server-close
- option http-buffer-request
- option forwardfor
- option http-server-close
- option redispatch
- retries 3
- timeout http-request 10s
- timeout queue 1m
- timeout connect 10s
- timeout client 1m
- timeout server 1m
- timeout http-keep-alive 10s
- timeout check 10s
- #---------------------------------------------------------------------
- #AProxy Monitoring Config
- #---------------------------------------------------------------------
- listen stats
- bind 0.0.0.0:8443 ssl crt /etc/ssl/domain.cloud/domain.cloud.pem
- stats enable
- stats uri /
- stats hide-version
- stats admin if TRUE
- stats refresh 30s
- frontend HTTPFrontend
- bind 0.0.0.0:80
- mode tcp
- redirect scheme https if !{ ssl_fc }
- redirect scheme https code 301
- frontend SSLFrontend
- bind 0.0.0.0:443 ssl crt /etc/ssl/domain.cloud/domain.cloud.pem
- log 127.0.0.1 local2
- mode tcp
- #mode http
- option clitcpka
- # option tcplog
- option socket-stats
- log global
- option httplog
- # option nolinger
- maxconn 300
- #tcp-request inspect-delay 5s
- tcp-request content accept if { req_ssl_hello_type 1 }
- use_backend Unifi if { ssl_fc_sni -i unifi.handsoff.cloud }
- #---------------------------------------------------------------------
- # Unifi Configuration
- #---------------------------------------------------------------------
- backend Unifi
- redirect scheme https if !{ ssl_fc }
- server unifi.domain.cloud 10.50.3.6:8443 ssl verify none check
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement