Wednesday, March 7, 2018
Sample HAProxy config that proxies an HTTPS backend and is set up as active/passive.
Sample HAProxy config that proxies an HTTPS backend and is set up as active/passive.
global
    # Logging: events are sent to the syslog daemon on 127.0.0.1, facility local2.
    # For them to end up in /var/log/haproxy.log the syslog side needs two things:
    #   1) network log events must be accepted (the stock hint is the '-r' option
    #      in SYSLOGD_OPTIONS in /etc/sysconfig/syslog);
    #   2) a rule that routes the facility to the file, for example:
    #          local2.*    /var/log/haproxy.log
    # Where the syslog daemon allows it, keep that listener on the loopback
    # address so the host does not accept log traffic from the network.
    log 127.0.0.1 local2

    # Process identity and confinement: run in the background as the
    # unprivileged haproxy user/group, chrooted to /var/lib/haproxy.
    daemon
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid

    # Process-wide ceiling on concurrent connections.
    maxconn 4000

    # Size in bits of the Diffie-Hellman parameters used for DHE key exchange.
    tune.ssl.default-dh-param 2048

    # Stats UNIX socket. No mode or level is set on this line, so both are
    # haproxy's defaults.
    # NOTE(review): confirm that only trusted local accounts can reach this path.
    stats socket /var/lib/haproxy/stats
defaults
    # Every proxy section below works at the HTTP layer unless it overrides this.
    mode http

    # Logging: reuse the global syslog target and the HTTP log format.
    # dontlognull skips connections that carried no data; note that this also
    # hides bare connection probes and scans from the log.
    log global
    option httplog
    option dontlognull

    # Close the server-side connection after each response while keeping
    # keep-alive towards the client.
    option http-server-close

    # Append an X-Forwarded-For header carrying the client address, except for
    # connections coming from loopback. A value already sent by the client is
    # not removed, so backends should trust only the entry added by this proxy.
    option forwardfor except 127.0.0.0/8

    # On connection failure retry up to 3 times; redispatch allows the retry
    # to go to a different server.
    retries 3
    option redispatch

    # Timeouts. "http-request" bounds how long a client may take to send a
    # complete request, which limits slow-request connection hogging.
    timeout http-request 10s
    timeout http-keep-alive 10s
    timeout connect 10s
    timeout check 10s
    timeout queue 1m
    timeout client 1m
    timeout server 1m

    # Default per-frontend connection limit.
    maxconn 3000
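frontend SHINY_APP
    # TLS terminates on this listener. force-tlsv12 restricts it to TLS 1.2 only.
    # The crt PEM file holds the certificate together with its private key, so
    # it should be readable by root only.
    bind 1.2.3.40:443 ssl crt /etc/ssl/mycert.pem force-tlsv12

    # Tell the backend that the client side of the connection was HTTPS.
    # set-header replaces any X-Forwarded-Proto value sent by the client;
    # "reqadd" only appended another header and left a client-supplied value in
    # place, and the directive has been removed from newer HAProxy releases.
    http-request set-header X-Forwarded-Proto https

    default_backend SHINY_BACKEND_443
    option httplog
    log global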
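frontend WEB_API
    # TLS terminates on this listener. force-tlsv12 restricts it to TLS 1.2 only.
    # The crt PEM file holds the certificate together with its private key, so
    # it should be readable by root only.
    bind 1.2.3.40:8443 ssl crt /etc/ssl/mycert.pem force-tlsv12

    # Tell the backend that the client side of the connection was HTTPS.
    # set-header replaces any X-Forwarded-Proto value sent by the client;
    # "reqadd" only appended another header and left a client-supplied value in
    # place, and the directive has been removed from newer HAProxy releases.
    http-request set-header X-Forwarded-Proto https

    default_backend WEBAPI_BACKEND_8443
    option httplog
    log global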
backend SHINY_BACKEND_443
# Active/passive pair: the second server carries the "backup" keyword, so it is
# meant to receive traffic only when the primary is unavailable.
balance roundrobin
# "check" with "inter 5s" health-checks each server every 5 seconds; "ssl" makes
# the proxy speak TLS to the backend.
# NOTE(review): "verify none" means the backend certificate is not validated, so
# the proxy cannot tell the real server from anything else answering on that
# address. Where the backends have certificates issued by a known CA, the usual
# form is "ssl verify required ca-file <PATH_TO_BACKEND_CA_PEM>" (placeholder
# path), optionally with "verifyhost" to pin the expected name.
server MAIN_SHINY_WEB_1.2.3.41 1.2.3.41:443 weight 100 minconn 80 maxconn 180 inter 5s check ssl verify none
server BACKUP_SHINY_WEB_1.2.3.42 1.2.3.42:443 weight 100 minconn 80 maxconn 180 inter 5s check ssl verify none backup
backend WEBAPI_BACKEND_8443
# Active/passive pair: the second server carries the "backup" keyword, so it is
# meant to receive traffic only when the primary is unavailable.
balance roundrobin
# "check" with "inter 5s" health-checks each server every 5 seconds; "ssl" makes
# the proxy speak TLS to the backend.
# NOTE(review): "verify none" means the backend certificate is not validated, so
# the proxy cannot tell the real server from anything else answering on that
# address. Where the backends have certificates issued by a known CA, the usual
# form is "ssl verify required ca-file <PATH_TO_BACKEND_CA_PEM>" (placeholder
# path), optionally with "verifyhost" to pin the expected name.
server MAIN_WEB_API_1.2.3.43 1.2.3.43:8443 weight 100 minconn 100 maxconn 200 inter 5s check ssl verify none
server BACKUP_WEB_API_1.2.3.44 1.2.3.44:8443 weight 100 minconn 100 maxconn 200 inter 5s check ssl verify none backup
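listen stats
    # Statistics and administration page, reached at https://1.2.3.40:9999/stats.
    # The listener is served over TLS with the same certificate as the
    # frontends, so the basic-auth credentials below do not cross the network
    # in cleartext.
    bind 1.2.3.40:9999 ssl crt /etc/ssl/mycert.pem force-tlsv12
    stats enable
    # Do not disclose the HAProxy version on the page.
    stats hide-version
    stats uri /stats
    stats show-desc Shiny Load Balancer Node
    stats refresh 10s

    # admin:password is a placeholder: replace it with your own user name and a
    # strong, unique password before deploying. The value is stored in clear
    # text in this file, so keep the file readable by root only.
    stats auth admin:password

    # Limit what the page reports to these two backends.
    stats scope SHINY_BACKEND_443
    stats scope WEBAPI_BACKEND_8443

    # NOTE(review): "if TRUE" gives every authenticated user of this page the
    # admin actions (for example changing server state). Tighten the condition
    # with an ACL if only some sources should be allowed to do that.
    stats admin if TRUE
    stats show-legends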
# The configuration above is for CentOS 7.
# To configure logging, edit rsyslog.conf so that it accepts connections over either TCP or UDP and routes local2.* to /var/log/haproxy.log, then restart the service.
# The backup keyword on a backend server line assigns that server the backup role: while the primary is up, no traffic should be routed to the backup. See the HAProxy documentation for further explanation.