-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathhaproxy.cfg
184 lines (157 loc) · 4.45 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
global
log /proc/1/fd/1 local0
log /proc/1/fd/2 local1 notice
# create a secure frontend/backend to this socket
# stats socket /run/admin.sock mode 660 level admin expose-fd listeners
stats socket [email protected]:2945 mode 660 level admin expose-fd listeners
stats timeout 30s
# to write to stdout
user root
group haproxy
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
maxconn 256
resolvers dockerdns
nameserver dns1 127.0.0.11:53
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 10s
hold refused 10s
hold nx 10s
hold timeout 10s
hold valid 10s
hold obsolete 10s
defaults
log global
backlog 10000
option contstats
option dontlognull
option redispatch
retries 3
timeout tunnel 3600s
timeout queue 30s
timeout client 25s
timeout connect 5s
timeout server 25s
timeout http-keep-alive 1s
timeout http-request 15s
timeout tarpit 60s
default-server inter 3s rise 2 fall 10 init-addr 127.0.0.1
#
# Admin socket interface
# exposed on port 2000
#
frontend admin_socket
# TODO fix this line or tell integrators to
# DON'T EXPOSE THIS PORT
#acl network_allowed src {FMT_HOST_IP}
bind :2000
use_backend admin_socket_backend
backend admin_socket_backend
mode tcp
server admin_socket_server 127.0.0.1:2945
#
# Backend
#
frontend ha-frontend-http
mode http
option httplog
option http-server-close
bind :80
bind :443 ssl crt /etc/ssl/private/proxy.pem
# Added stats support
stats enable
stats refresh 30s
stats show-node
stats show-legends
stats auth admin:admin
stats uri /stats
errorfile 503 /etc/503-movai.http
use_backend ha-backend-monitoring if { path -i -m beg /monitoring }
use_backend ha-backend-http
#
# NPM
#
frontend ha-frontend-npm
mode http
bind :3000
acl backend_reg path_reg ^/api/v1/.*
acl ws_reg path_reg ^/ws/.*
use_backend ha-backend-http if backend_reg
use_backend ha-backend-http if ws_reg
use_backend ha-backend-npm
errorfile 503 /etc/503-movai.http
#
# Redis Master
#
frontend ha-frontend-redis-master
mode tcp
# master
# eth0, outer interface
bind :6379 ssl crt /etc/ssl/private/proxy.pem
use_backend ha-backend-redis-master
#
# Redis Slave
#
frontend ha-frontend-redis-slave
mode tcp
# slave, eth1, inner network
bind :6379
use_backend ha-backend-redis-slave
#
# Ros Tools
#
frontend ha-frontend-ros-tools
mode http
bind :8901 ssl crt /etc/ssl/private/proxy.pem
use_backend ha-backend-ros-tools
errorfile 503 /etc/503-movai.http
#
# Spawner
#
frontend ha-frontend-spawner
mode tcp
bind :11411
bind :9090
use_backend ha-backend-spawner
## BACKENDS ##
backend ha-backend-monitoring
mode http
#server container-monitoring 127.0.0.1 disabled
server container-monitoring monitoring.flow_private check resolvers dockerdns init-addr libc,none
backend ha-backend-http
mode http
#server container-backend 127.0.0.1 disabled
server container-backend backend.flow_private:8080 check resolvers dockerdns init-addr libc,none
backend ha-backend-npm
mode http
#server container-frontend 127.0.0.1 disabled
server container-frontend frontend.flow_private:3000 check resolvers dockerdns init-addr libc,none
backend ha-backend-redis-master
mode tcp
# master/ssl
#server container-redis-master 127.0.0.1 disabled
server container-redis-master redis-master.flow_private:6379 check resolvers dockerdns init-addr libc,none
backend ha-backend-redis-slave
mode tcp
# slave:
server container-remote-redis-master 127.0.0.1 disabled ssl verify none
server container-remote-redis-master-nossl 127.0.0.1 backup disabled
backend ha-backend-ros-tools
mode http
#server container-ros-tools 127.0.0.1 disabled
server container-ros-tools ros-tools.flow_private check resolvers dockerdns init-addr libc,none
backend ha-backend-spawner
mode tcp
#server container-spawner 127.0.0.1 disabled
server container-spawner spawner.flow_private:11411 check resolvers dockerdns init-addr libc,none