Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- global
- stats socket /var/lib/haproxy/stats
- stats socket *:1999 level admin
- stats socket /var/run/haproxy.sock mode 600 level admin
- server-state-file /etc/haproxy/haproxy.state
- # tune.h2.initial-window-size 16777216
- # lower your record size to improve Time to First Byte (TTFB)
- log /dev/log local0
- # set inactivity timeout to reset record size (in ms)
- tune.idletimer 1000
- ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
- ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
- tune.ssl.default-dh-param 2048
- tune.ssl.cachesize 100000
- tune.ssl.lifetime 600
- tune.ssl.maxrecord 1460
- tune.h2.initial-window-size 1048576
- maxconn 4000
- defaults
- load-server-state-from-file global
- mode http
- timeout connect 5s
- timeout client 50s
- timeout server 50s
- option httplog
- default-server init-addr last,libc,none
- frontend http
- bind *:80
- bind *:443 ssl crt /etc/haproxy/certs/
- http-request add-header X-Forwarded-Proto https
- http-request add-header X-Forwarded-Port 443
- http-response add-header Strict-Transport-Security max-age=15768000
- ### Block PlexRipper ###
- # http-request capture req.hdrs len 512
- # log-format "%ci:%cp [%tr] %ft [[%hr]] %hs %{+Q}r"
- # log global
- option httplog
- option forwardfor
- use_backend %[req.hdr(host),map_dom(/etc/haproxy/maps/cdn.map)]
- listen stats
- bind *:8404
- mode http
- stats enable
- stats uri /stats
- stats realm HAProxy-04\ Statistics
- stats auth
- stats admin if TRUE
- http-request use-service prometheus-exporter if { path /metrics }
- listen healthcheck
- bind *:6969
- mode http
- option httpchk GET /healthcheck
- http-request return status 200 content-type "text/plain" lf-string "OK"
- backend speedtest
- server speedtest 172.17.0.2:80
- backend service.domain.xyz
- server plex-cloud.the-preserve.xyz 11.111.11.1111:45362 check
- backend service2.domain.xyz
- http-request set-header host service2.domain.xyz
- server service2.domain.xyz service2.domain.xyz:443 check port 443 ssl verify none sni str(service2.domain.xyz)
- backend service3.domain.xyz
- http-request set-header host service3.domain.xyz
- server service3.domain.xyz service3.domain.xyz:443 check port 443 ssl verify none sni str(service3.domain.xyz.xyz)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement