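  global
      # Process-wide settings: logging, privilege drop, runtime API and TLS defaults.
      # Everything goes to local0; notice and above is also copied to local1.
      log /dev/log local0
      log /dev/log local1 notice
      # Confine the running process to this directory and drop to an
      # unprivileged account (see user/group below).
      chroot /var/lib/haproxy
      # Runtime API socket. "level admin" allows changing and disabling servers,
      # so anyone who can open the socket (owner and group, per mode 660)
      # effectively administers the proxy. Keep that group small.
      stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
      stats timeout 30s
      user haproxy
      group haproxy
      daemon

      # Default SSL material locations
      ca-base /etc/ssl/certs
      crt-base /etc/ssl/private

      # Default ciphers to use on SSL-enabled listening sockets.
      # For more information, see ciphers(1SSL). This list is from:
      # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
      # An alternative list with additional directives can be obtained from
      # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
      # NOTE(review): the list still admits CBC suites and non-forward-secret
      # RSA key exchange (RSA+AESGCM, RSA+AES); regenerate it from the Mozilla
      # generator above if no legacy client needs them.
      ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
      # no-sslv3 on its own leaves TLS 1.0 and 1.1 negotiable; refuse them too so
      # ssl-enabled binds only accept TLS 1.2 or newer.
      ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
      # The cipher list enables DHE suites (DH+...). Set the ephemeral DH size
      # explicitly instead of relying on the built-in default, which is only
      # 1024 bits on older releases.
      tune.ssl.default-dh-param 2048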
  22.  
  defaults
      # Settings inherited by every frontend and backend that does not override them.
      log global
      mode http
      # mode tcp
      option httplog
      # Skip log lines for connections that never sent any data (port probes,
      # health checks from upstream devices).
      option dontlognull
      # Same values as before, written with explicit units (bare numbers are ms).
      timeout connect 5s
      timeout client 50s
      timeout server 50s
      # Static responses served when HAProxy itself generates the error.
      errorfile 400 /etc/haproxy/errors/400.http
      errorfile 403 /etc/haproxy/errors/403.http
      errorfile 408 /etc/haproxy/errors/408.http
      errorfile 500 /etc/haproxy/errors/500.http
      errorfile 502 /etc/haproxy/errors/502.http
      errorfile 503 /etc/haproxy/errors/503.http
      errorfile 504 /etc/haproxy/errors/504.http
  39.  
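  frontend http-in
      # Plain-HTTP entry point: picks a backend from the Host header.
      bind 0.0.0.0:80
      # "timeout client" is only an inactivity timer, so a client that trickles
      # header bytes can hold a connection open indefinitely. Bound the total
      # time allowed to deliver the complete request headers.
      timeout http-request 10s
      # The Host header is client-supplied, so treat it as a routing hint, not
      # an identity. Matching is exact (case-insensitive): a request for any
      # other name matches no rule and, with no default_backend, is answered
      # by HAProxy with a 503.
      acl site_1 hdr(host) -i domain1.tld
      acl site_2 hdr(host) -i domain2.tld

      ## figure out which one to use
      use_backend site_001 if site_1
      use_backend site_002 if site_2
      # NOTE(review): traffic on this listener stays unencrypted end to end.
      # If both sites are also served on :443, consider redirecting to https
      # here instead of proxying.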
  48.  
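  frontend https-in
      # TLS passthrough: connections are relayed as raw TCP and routed on the
      # SNI name read from the still-encrypted ClientHello. TLS is terminated
      # by the backend servers, so protocol and cipher policy is enforced there.
      mode tcp
      option tcplog
      # The bind must NOT carry "ssl crt ...". req_ssl_hello_type and
      # req_ssl_sni inspect raw bytes in the request buffer; on an
      # ssl-terminating bind the buffer holds decrypted data, the rules below
      # never match and every connection ends up without a backend. The
      # ssl_site_* backends also speak TLS on :443, which only works if the
      # handshake is passed through untouched. A side benefit is that the proxy
      # no longer needs the sites' private keys (previously loaded from a
      # directory under the chroot path).
      # To terminate TLS here instead, restore "ssl crt", match on ssl_fc_sni
      # and add "ssl verify required" with a CA file to the server lines.
      bind :443
      # Wait up to 5s for a complete ClientHello before evaluating the rules.
      tcp-request inspect-delay 5s
      tcp-request content accept if { req_ssl_hello_type 1 }
      # SNI is sent in clear and chosen by the client: use it for routing only.
      # A missing or unknown name selects no backend and the connection is refused.
      use_backend ssl_site_001 if { req_ssl_sni -i domain1.tld }
      use_backend ssl_site_002 if { req_ssl_sni -i domain2.tld }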
  57.  
  backend site_001
      # Plain-HTTP pool for domain1.tld; traffic to the node is unencrypted.
      # forwardfor appends the connecting client's address in X-Forwarded-For.
      # Any X-Forwarded-For value the client sent is still passed along, so
      # the application should trust only the entry added by this proxy.
      option forwardfor
      server node1 192.168.0.55:80
  61.  
  backend site_002
      # Plain-HTTP pool for domain2.tld; traffic to the node is unencrypted.
      # forwardfor appends the connecting client's address in X-Forwarded-For.
      # Any X-Forwarded-For value the client sent is still passed along, so
      # the application should trust only the entry added by this proxy.
      option forwardfor
      server node1 192.168.0.58:80
  65.  
  backend ssl_site_001
      # Raw-TCP pool for domain1.tld: the TLS stream is relayed as-is and the
      # node on :443 is expected to terminate it.
      mode tcp
      # NOTE(review): health checks only run for servers declared with "check",
      # and the server line below has none, so this option currently does
      # nothing. Be aware that ssl-hello-chk probes with an SSLv3 hello, which
      # a hardened node may refuse; verify before enabling checks.
      option ssl-hello-chk
      server node1 192.168.0.55:443
  70.  
  backend ssl_site_002
      # Raw-TCP pool for domain2.tld: the TLS stream is relayed as-is and the
      # node on :443 is expected to terminate it.
      mode tcp
      # NOTE(review): health checks only run for servers declared with "check",
      # and the server line below has none, so this option currently does
      # nothing. Be aware that ssl-hello-chk probes with an SSLv3 hello, which
      # a hardened node may refuse; verify before enabling checks.
      option ssl-hello-chk
      server node1 192.168.0.58:443