API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 25th, 2019
111
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.42 KB | None | 0 0
raw download clone embed print report
  1. # Automaticaly generated, dont edit manually.
  2. # Generated on: 2019-06-25 21:23
  3. global
  4. maxconn 100
  5. stats socket /tmp/haproxy.socket level admin expose-fd listeners
  6. uid 80
  7. gid 80
  8. nbproc 1
  9. nbthread 1
  10. hard-stop-after 15m
  11. chroot /tmp/haproxy_chroot
  12. daemon
  13. tune.ssl.default-dh-param 2048
  14. server-state-file /tmp/haproxy_server_state
  15. ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  16. ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  17. ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  18. ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  19.  
  20. listen HAProxyLocalStats
  21. bind 127.0.0.1:2200 name localstats
  22. mode http
  23. stats enable
  24. stats admin if TRUE
  25. stats show-legends
  26. stats uri /haproxy/haproxy_stats.php?haproxystats=1
  27. timeout client 5000
  28. timeout connect 5000
  29. timeout server 5000
  30.  
  31. frontend HTTPS-Edge-SNI
  32. bind 127.0.0.1:1443 name 127.0.0.1:1443 ssl crt-list /var/etc/haproxy/HTTPS-Edge-SNI.crt_list
  33. bind 192.168.5.1:443 name 192.168.5.1:443 ssl crt-list /var/etc/haproxy/HTTPS-Edge-SNI.crt_list
  34. bind /tmp/haproxy_chroot/HTTPS-Edge-SNI.socket name unixsocket uid 80 accept-proxy ssl crt-list /var/etc/haproxy/HTTPS-Edge-SNI.crt_list
  35. mode http
  36. log global
  37. option http-keep-alive
  38. timeout client 30000
  39. acl mail-acl var(txn.txnhost) -m str -i mail.apollon-domain.co.uk
  40. acl monitor-acl var(txn.txnhost) -m str -i monitor.apollon-domain.co.uk
  41. acl filter-acl var(txn.txnhost) -m str -i filter.apollon-domain.co.uk
  42. acl autodiscover-acl var(txn.txnhost) -m str -i autodiscover.apollon-domain.co.uk
  43. acl cloud-acl var(txn.txnhost) -m str -i cloud.apollon-domain.co.uk
  44. acl invoice-acl var(txn.txnhost) -m str -i invoice.apolloncomputerservice.co.uk
  45. acl blog-acl var(txn.txnhost) -m str -i blog.apollon-domain.co.uk
  46. acl www-acl var(txn.txnhost) -m str -i www.apolloncomputerservice.co.uk
  47. acl www-redirect var(txn.txnhost) -m str -i apolloncomputerservice.co.uk
  48. acl mail-owa var(txn.txnpath) -m beg -i /owa
  49. acl mail-ecp var(txn.txnpath) -m beg -i /ecp
  50. acl mail-mapi var(txn.txnpath) -m beg -i /mapi
  51. acl mail-ews var(txn.txnpath) -m beg -i /EWS
  52. acl mail-oab var(txn.txnpath) -m beg -i /OAB
  53. acl mail-activesync var(txn.txnpath) -m beg -i /Microsoft-Server-ActiveSync
  54. acl mail-rpc var(txn.txnpath) -m beg -i /rpc/rpcproxy.dll
  55. acl mail-autodiscover var(txn.txnpath) -m beg -i /Autodiscover
  56. acl mail-healthcheck var(txn.txnpath) -m end -i HealthCheck.htm
  57. acl source-internal src 192.168.5.0/24
  58. acl mail-owa-redirect var(txn.txnpath) -m str -i /owa
  59. http-request set-var(txn.txnhost) hdr(host)
  60. http-request set-var(txn.txnpath) path
  61. http-request deny if mail-acl mail-healthcheck
  62. http-request redirect prefix https://www.apolloncomputerservice.co.uk if www-redirect
  63. http-request redirect location https://mail.apollon-domain.co.uk/owa/ if mail-acl mail-owa-redirect
  64. use_backend monitor_ipvANY if monitor-acl
  65. use_backend filter_ipvANY if filter-acl
  66. use_backend cloud_ipvANY if cloud-acl
  67. use_backend invoice_ipvANY if invoice-acl
  68. use_backend blog_ipvANY if blog-acl
  69. use_backend www_ipvANY if www-acl
  70. use_backend mail-owa_ipvANY if mail-owa mail-acl
  71. use_backend mail-ecp_ipvANY if mail-ecp mail-acl source-internal
  72. use_backend mail-mapi_ipvANY if mail-mapi mail-acl
  73. use_backend mail-ews_ipvANY if mail-ews mail-acl
  74. use_backend mail-oab_ipvANY if mail-oab mail-acl
  75. use_backend mail-activesync_ipvANY if mail-activesync mail-acl
  76. use_backend mail-rpc_ipvANY if mail-rpc mail-acl
  77. use_backend mail-autodiscover_ipvANY if mail-autodiscover mail-acl
  78. use_backend mail-autodiscover_ipvANY if autodiscover-acl mail-autodiscover
  79.  
  80. frontend HTTP-Edge
  81. bind 82.14.242.248:80 name 82.14.242.248:80
  82. mode http
  83. log global
  84. option http-keep-alive
  85. timeout client 30000
  86. acl mail-acl var(txn.txnhost) -m str -i mail.apollon-domain.co.uk
  87. acl filter-acl var(txn.txnhost) -m str -i filter.apollon-domain.co.uk
  88. acl cloud-acl var(txn.txnhost) -m str -i cloud.apollon-domain.co.uk
  89. acl monitor-acl var(txn.txnhost) -m str -i monitor.apollon-domain.co.uk
  90. acl www-acl var(txn.txnhost) -m str -i www.apolloncomputerservice.co.uk
  91. acl blog-acl var(txn.txnhost) -m str -i blog.apollon-domain.co.uk
  92. acl www-redirect var(txn.txnhost) -m str -i apolloncomputerservice.co.uk
  93. acl invoice-acl var(txn.txnpath) -m str -i invoice.apolloncomputerservice.co.uk
  94. http-request set-var(txn.txnhost) hdr(host)
  95. http-request set-var(txn.txnpath) path
  96. http-request redirect scheme https if mail-acl
  97. http-request redirect scheme https if filter-acl
  98. http-request redirect scheme https if cloud-acl
  99. http-request redirect scheme https if monitor-acl
  100. http-request redirect scheme https if www-acl
  101. http-request redirect scheme https if blog-acl
  102. http-request redirect prefix https://www.apolloncomputerservice.co.uk if www-redirect
  103. http-request redirect scheme https if invoice-acl
  104.  
  105. frontend HTTPS-Edge-TCP
  106. bind 82.14.242.248:443 name 82.14.242.248:443
  107. mode tcp
  108. log global
  109. timeout client 14400000
  110. tcp-request inspect-delay 5s
  111. acl netscaler-acl req.ssl_sni -i apps.apollon-domain.co.uk
  112. acl netscaler-acl req.ssl_sni -i apps.apollon-domain.co.uk:443
  113. acl hasSNI req.ssl_sni -m found
  114. tcp-request content accept if { req.ssl_hello_type 1 }
  115. use_backend netscaler_ipvANY if netscaler-acl || !hasSNI
  116. default_backend defaultbackend_ipvANY
  117.  
  118. backend monitor_ipvANY
  119. mode http
  120. id 113
  121. log global
  122. timeout connect 30000
  123. timeout server 30000
  124. retries 3
  125. option httpchk OPTIONS /
  126. http-response add-header Content-Security-Policy upgrade-insecure-requests
  127. server ICARUS 192.168.5.160:80 id 114 check inter 1000
  128.  
  129. backend filter_ipvANY
  130. mode http
  131. id 107
  132. log global
  133. timeout connect 30000
  134. timeout server 30000
  135. retries 3
  136. http-response add-header Content-Security-Policy upgrade-insecure-requests
  137. server GLAUCUS 192.168.5.185:80 id 108 check inter 1000
  138.  
  139. backend cloud_ipvANY
  140. mode http
  141. id 121
  142. log global
  143. http-response set-header Strict-Transport-Security max-age=31536000;
  144. timeout connect 30000
  145. timeout server 30000
  146. retries 3
  147. option httpchk OPTIONS /
  148. http-response add-header Content-Security-Policy upgrade-insecure-requests
  149. server OEDIPUS 192.168.5.203:80 id 122 check inter 1000
  150.  
  151. backend invoice_ipvANY
  152. mode http
  153. id 123
  154. log global
  155. http-response set-header Strict-Transport-Security max-age=31536000;
  156. timeout connect 30000
  157. timeout server 30000
  158. retries 3
  159. option httpchk OPTIONS /
  160. server CLYTIA 192.168.5.198:443 id 124 ssl check inter 1000 verify none
  161.  
  162. backend blog_ipvANY
  163. mode http
  164. id 117
  165. log global
  166. http-response set-header Strict-Transport-Security max-age=31536000;
  167. timeout connect 30000
  168. timeout server 30000
  169. retries 3
  170. http-response add-header Content-Security-Policy upgrade-insecure-requests
  171. server MINOTAUR 192.168.5.168:80 id 104 check inter 1000
  172.  
  173. backend www_ipvANY
  174. mode http
  175. id 103
  176. log global
  177. http-response set-header Strict-Transport-Security max-age=31536000;
  178. timeout connect 30000
  179. timeout server 30000
  180. retries 3
  181. http-response add-header Content-Security-Policy upgrade-insecure-requests
  182. server MINOTAUR 192.168.5.168:80 id 126 check inter 1000
  183.  
  184. backend mail-owa_ipvANY
  185. mode http
  186. id 109
  187. log global
  188. timeout connect 30000
  189. timeout server 30000
  190. retries 3
  191. option httpchk GET /owa/HealthCheck.htm
  192. http-check expect string 200 OK
  193. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  194.  
  195. backend mail-ecp_ipvANY
  196. mode http
  197. id 102
  198. log global
  199. timeout connect 30000
  200. timeout server 30000
  201. retries 3
  202. option httpchk GET /ECP/HealthCheck.htm
  203. http-check expect string 200 OK
  204. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  205.  
  206. backend mail-mapi_ipvANY
  207. mode http
  208. id 110
  209. log global
  210. timeout connect 30000
  211. timeout server 30000
  212. retries 3
  213. option httpchk GET /mapi/HealthCheck.htm
  214. http-check expect string 200 OK
  215. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  216.  
  217. backend mail-ews_ipvANY
  218. mode http
  219. id 118
  220. log global
  221. timeout connect 30000
  222. timeout server 30000
  223. retries 3
  224. option httpchk GET /EWS/HealthCheck.htm
  225. http-check expect string 200 OK
  226. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  227.  
  228. backend mail-oab_ipvANY
  229. mode http
  230. id 125
  231. log global
  232. timeout connect 30000
  233. timeout server 30000
  234. retries 3
  235. option httpchk GET /OAB/HealthCheck.htm
  236. http-check expect string 200 OK
  237. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  238.  
  239. backend mail-activesync_ipvANY
  240. mode http
  241. id 127
  242. log global
  243. timeout connect 30000
  244. timeout server 30000
  245. retries 3
  246. option httpchk GET /Microsoft-Server-ActiveSync/HealthCheck.htm
  247. http-check expect string 200 OK
  248. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  249.  
  250. backend mail-rpc_ipvANY
  251. mode http
  252. id 128
  253. log global
  254. timeout connect 30000
  255. timeout server 30000
  256. retries 3
  257. option httpchk GET /RPC/HealthCheck.htm
  258. http-check expect string 200 OK
  259. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  260.  
  261. backend mail-autodiscover_ipvANY
  262. mode http
  263. id 129
  264. log global
  265. timeout connect 30000
  266. timeout server 30000
  267. retries 3
  268. option httpchk GET /Autodiscover/HealthCheck.htm
  269. http-check expect string 200 OK
  270. server EREBOS 192.168.5.161:80 id 112 check inter 1000
  271.  
  272. backend netscaler_ipvANY
  273. mode tcp
  274. id 115
  275. log global
  276. timeout connect 30000
  277. timeout server 14400000
  278. retries 10
  279. http-check expect status 403
  280. server GANYMEDE 192.168.5.6:443 id 116 check inter 60000
  281.  
  282. backend defaultbackend_ipvANY
  283. mode tcp
  284. id 105
  285. log global
  286. timeout connect 30000
  287. timeout server 30000
  288. retries 3
  289. server defaultbackend /HTTPS-Edge-SNI.socket send-proxy-v2-ssl-cn id 106 check inter 1000
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!