ZaMaZaN4iK

Config with more frontends

Sep 21st, 2023
  1. # This configuration creates a classical reverse-proxy and load balancer for
  2. # public services. It presents ports 80 and 443 (with 80 redirecting to 443),
  3. # enables caching up to one hour, and load-balances the service on a farm of
  4. # 4 servers on private IP addresses which are checked using HTTP checks and
  5. # by maintaining stickiness via session cookies. It offloads TLS processing
  6. # and enables HTTP compression. It uses HAProxy 2.4.
     # NOTE(review): the description above does not match this paste. The only
     # binds below are clear-text :8080, :8081 and :8181 (no bind line enables
     # ssl, so no TLS is offloaded), there is no cache section, and each backend
     # has a single 127.0.0.1 server with no "check" keyword.
  7.  
  8. # The global section deals with process-wide settings (security, resource usage)
     # NOTE(review): no chroot, user or group is set here, so any privilege drop
     # depends on how the process is started. There is also no "log" line, which
     # "log global" in the defaults section relies on for its log targets.
  9. global
  10.         nbthread 2
  11.     # intermediate security for SSL, from https://ssl-config.mozilla.org/
          # The ssl-default-bind-* values are defaults for bind lines that enable
          # ssl; no bind line in this file does, so they are unused as pasted.
  12.     ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  13.     ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
          # refuse SSLv3, TLS 1.0 and TLS 1.1, disable TLS session tickets, and let
          # the client's cipher order take precedence
  14.     ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  15.  
  16. # default settings common to all HTTP proxies below
  17. defaults http
  18.     mode http
  19.     option httplog
          # NOTE(review): "log global" reuses the log targets declared in the global
          # section, and the global section in this file declares none, so as pasted
          # no request logs are emitted. Add a "log" line there to keep a record of
          # requests for troubleshooting and incident response.
  20.     log global
  21.     timeout client 1m
  22.     timeout server 1m
  23.     timeout connect 10s
  24.     timeout http-keep-alive 2m
  25.     timeout queue 15s
  26.     timeout tunnel 4h  # for websocket
          # NOTE(review): no "timeout http-request" is set, so a slowly-sent request
          # is bounded only by the inactivity check of "timeout client"; consider an
          # explicit, short value to limit how long incomplete requests hold a slot.
  27.  
  28. # provide a stats page on port 8181
      # NOTE(review): "bind :8181" listens on every address and both access
      # controls below are commented out, so anyone who can reach the port can
      # read the stats page (proxy names, server addresses and states). Bind it to
      # a loopback or management address, or enable authentication, before the
      # host is reachable from untrusted networks.
  29. frontend stats
  30.     bind :8181
  31.     # provide advanced stats (ssl, h2, ...)
  32.     stats uri /
  33.     stats show-modules
  34.     # some users may want to protect the access to their stats and/or to
  35.     # enable admin mode on the page from local networks
          # NOTE(review): admin:mystats is a sample pair, not a credential to keep.
          # This frontend is clear-text, so basic-auth credentials cross the network
          # unencrypted. Admin mode allows changing server state from the page, so
          # keep the source ACL if it is enabled.
  36.     #  stats auth admin:mystats
  37.     #  stats admin if { src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 }
  38.  
  39. # First incoming public service. Supports HTTP/1.x, HTTP/2, and HTTP/3 over
  40. # QUIC when built in, uses HSTS, redirects clear to TLS. Uses a dedicated host
  41. # name for the stats page.
      # NOTE(review): only a clear-text bind on :8080 is present; no ssl or quic
      # bind and no stats host rule appear in this frontend as pasted.
  42. frontend pub1
  43.     bind :8080 name clear
  44.     option socket-stats  # provide per-bind line stats
  45.  
  46.     # set HSTS for one year after all responses
          # NOTE(review): browsers ignore Strict-Transport-Security on responses
          # received over plain HTTP, so on this clear-only frontend the header has
          # no effect until a bind line with ssl is added.
  47.     http-after-response set-header Strict-Transport-Security "max-age=31536000"
          # NOTE(review): ssl_fc is true only for connections accepted on an ssl
          # bind. With the single clear bind above, every request takes this 301 and
          # default_backend app1 is never reached. If TLS is terminated by a device
          # in front of HAProxy, this would redirect in a loop.
  48.     http-request redirect scheme https code 301 if !{ ssl_fc }
  49.  
  50.     # silently ignore connect probes and pre-connect without request
  51.     option http-ignore-probes
  52.  
  53.     # pass client's IP address to the server and prevent against attempts
  54.     # to inject bad contents
          # (any client-supplied X-Forwarded-For is dropped first, then "option
          # forwardfor" adds the address HAProxy itself saw)
  55.     http-request del-header x-forwarded-for
  56.     option forwardfor
  57.  
  58.     # enable HTTP compression of text contents
          # NOTE(review): once responses are served over TLS, compressing bodies that
          # mix secrets (session or CSRF tokens) with request-reflected data leaks
          # length information (BREACH); restrict compression to content that
          # carries no secrets if that applies to the application.
  59.     compression algo deflate gzip
  60.     compression type text/ application/javascript application/xhtml+xml image/x-icon
  61.  
  62.     default_backend app1
  63.  
              # Second frontend, clear-text on :8081.
              # NOTE(review): this bind listens on every address, so it is reachable
              # directly as well as through backend app1, whose only server is
              # 127.0.0.1:8081. Bind to 127.0.0.1 if it is meant to be internal only.
  64. frontend pub2
  65.         bind :8081 name clear
  66.         option socket-stats  # provide per-bind line stats
  67.  
  68.         # set HSTS for one year after all responses
              # NOTE(review): browsers ignore this header on plain-HTTP responses, and
              # this frontend has no ssl bind.
  69.         http-after-response set-header Strict-Transport-Security "max-age=31536000"
              # NOTE(review): ssl_fc is never true on a clear bind, so every request
              # here is answered with the 301 and default_backend app2 is not reached.
  70.         http-request redirect scheme https code 301 if !{ ssl_fc }
  71.  
  72.         # silently ignore connect probes and pre-connect without request
  73.         option http-ignore-probes
  74.  
  75.         # pass client's IP address to the server and prevent against attempts
  76.         # to inject bad contents
              # NOTE(review): for traffic relayed from another local proxy, this
              # deletes the upstream X-Forwarded-For and records the address of the
              # connecting proxy (127.0.0.1 for app1), not that of the original client.
  77.         http-request del-header x-forwarded-for
  78.         option forwardfor
  79.  
  80.         # enable HTTP compression of text contents
              # NOTE(review): if this is later served over TLS, avoid compressing
              # responses that combine secrets with request-reflected data (BREACH).
  81.         compression algo deflate gzip
  82.         compression type text/ application/javascript application/xhtml+xml image/x-icon
  83.  
  84.         default_backend app2
  85.  
  86.  
  87. backend app2
  88.         # Algorithm:
  89.         #  - roundrobin is usually better for short requests,
  90.         #  - leastconn is better for mixed slow ones, and long transfers,
  91.         #  - random is generally good when using multiple load balancers
  92.         balance random
  93.  
  94.         # abort if the client clicks on stop.
  95.         option abortonclose
  96.  
  97.         # insert a session cookie for user stickiness
              # NOTE(review): the cookie is named "app1" although this is backend app2,
              # and backend app1 inserts the same name with the same value s1; this
              # looks copy-pasted - confirm the intended name. No "secure" or
              # "httponly" keyword is given, so the cookie is set without them.
  98.         cookie app1 insert indirect nocache
  99.  
  100.         # do not overload the servers (100 concurrent conns max each)
               # NOTE(review): the server line below carries no "maxconn", so the
               # 100-connection cap described above is not applied, and no "check"
               # keyword, so the server's health is never probed.
  101.         server srv1 127.0.0.1:80 cookie s1
  102.  
  103. # First application
       # NOTE(review): the only server is 127.0.0.1:8081, which is the address
       # frontend pub2 binds in this same file, so this backend relays into pub2
       # rather than to an application server.
  104. backend app1
  105.     # Algorithm:
  106.     #  - roundrobin is usually better for short requests,
  107.     #  - leastconn is better for mixed slow ones, and long transfers,
  108.     #  - random is generally good when using multiple load balancers
  109.     balance random
  110.  
  111.     # abort if the client clicks on stop.
  112.     option abortonclose
  113.  
  114.     # insert a session cookie for user stickiness
           # NOTE(review): no "secure" or "httponly" keyword is given, so the
           # stickiness cookie is set without those attributes; add them once the
           # service is actually delivered over TLS.
  115.     cookie app1 insert indirect nocache
  116.  
  117.     # do not overload the servers (100 concurrent conns max each)
           # NOTE(review): the server line below carries no "maxconn", so the
           # 100-connection cap described above is not applied, and no "check"
           # keyword, so the server's health is never probed.
  118.     server srv1 127.0.0.1:8081 cookie s1