Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
- stats timeout 30s user haproxy
- group haproxy
- daemon
- # Default SSL material locations
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- # Default ciphers to use on SSL-enabled listening sockets.
- # For more information, see ciphers(1SSL). This list is from:
- # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- # An alternative list with additional directives can be obtained from
- # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3
- defaults
- log global
- mode http
- option httplog
- option dontlognull
- option forwardfor
- option http-server-close
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
- frontend http_frontend bind *:80
- acl web_host1 hdr(host) -i jameswelch.me
- use_backend jamesWelch if web_host1
- backend jamesWelch
- balance leastconn
- http-request set-header X-Client-IP %[src]
- server jamesWelch jamesWelch.lxd:80 check
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement