Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- log 127.0.0.1 local0 notice
- maxconn 2048
- user haproxy
- group haproxy
- # tune & ssl params to force diffie-hellman defaults, disallow most tls/poodle attacks, and restrict binders to secure ciphers
- tune.ssl.default-dh-param 4096
- ssl-default-bind-options no-sslv3 no-tls-tickets
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- defaults
- log global
- mode http
- option forwardfor
- option http-server-close
- option clitcpka
- option httplog
- option dontlognull
- option forwardfor except 127.0.0.1
- option httpchk GET /
- http-check disable-on-404
- retries 3
- option redispatch
- timeout connect 5000
- timeout client 10000
- timeout server 10000
- stats uri /haproxy?stats
- stats realm Strictly\ Private
- stats auth stats:6p&Dz$bGYhVfCwe!z9rP
- frontend catchAll
- bind :80
- bind :443 ssl crt-list /etc/haproxy/certs/pemList alpn h2
- mode http
- # Redirect www. URLs to non-www https URLs (Not working yet)
- acl does_use_www hdr(host) -m beg www.
- http-request redirect code 301 location %[hdr(host)] if does_use_www
- # Force HTTPS
- http-request set-header X-Forwarded-Proto https if { ssl_fc }
- redirect scheme https if !{ ssl_fc }
- # use_backend directives for each URL that HAProxy should handle
- use_backend blechinger.io_wordpressServers if { hdr(host) -i blechinger.io }
- use_backend blechinger.io_wordpressServers if { hdr(host) -i blog.blechinger.io }
- use_backend blechinger.io_wordpressServers if { hdr(host) -i gamenight.blechinger.io }
- use_backend blechinger.io_pterodactylServers if { hdr(host) -i pterodactyl.blechinger.io }
- use_backend rachelreagan.com_wordpressServers if { hdr(host) -i rachelreagan.com }
- use_backend exponentialnews.net_wordpressServers if { hdr(host) -i exponentialnews.net }
- use_backend kylejohnson.io_wordpressServers if { hdr(host) -i kylejohnson.io }
- backend blechinger.io_wordpressServers
- mode http
- balance uri
- option forwardfor
- http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;
- server pnWordpress01 10.0.10.200:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- backend blechinger.io_pterodactylServers
- mode http
- balance uri
- option forwardfor
- http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;
- server pnWordpress01 10.1.51.100:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- backend rachelreagan.com_wordpressServers
- mode http
- balance uri
- option forwardfor
- http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;
- server pnWordpress01 10.0.10.200:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- backend exponentialnews.net_wordpressServers
- mode http
- balance uri
- option forwardfor
- http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;
- server pnWordpress01 10.0.10.200:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- backend kylejohnson.io_wordpressServers
- mode http
- balance uri
- option forwardfor
- http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload;
- server pnWordpress01 10.0.10.200:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
Add Comment
Please, Sign In to add comment