Server/haproxy

Aus C3D2
Zur Navigation springen Zur Suche springen

Vorlage:Beinhaltet Abweichungen von der Realität

Server/freebert is gone!

Hardware

Virtualisiert durch Server/freebert/FreeBSD

Software

  • FreeBSD Jail Container
  • haproxy

Verwendungszweck

  • haproxy (high availability) für reverseproxy1/2 - CARP jails
  • dev version 1.5 für ssl support

https://haproxy.hq.c3d2.de

haproxy.conf

### ### ### C3D2 ### ### ###

global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    maxconn         4096
    user            haproxy
    group           nogroup
    daemon

defaults
    log             global
    mode            http
    option          httplog
    option          dontlognull
    option          forwardfor
    option          http-server-close
    stats           enable
     stats          auth topsecret:topsecret
     stats          uri /haproxyStats
contimeout 5000
clitimeout 50000
srvtimeout 50000

frontend https-in
    bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    reqadd X-Forwarded-Proto:\ https
###
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
    default_backend srv_reverse1

backend srv_reverse1
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    balance roundrobin
    option httpclose
    option forwardfor
    cookie JSESSIONID prefix
    ### CARP // ###
    server reverseproxy 172.22.99.247:81 check
    ### // CARP ###
    # server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
    # server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###

backend srv_reverse2
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    balance roundrobin
    option httpclose
    option forwardfor
    cookie JSESSIONID prefix
    ### CARP // ###
    server reverseproxy 172.22.99.247:82 check
    ### // CARP ###
### // backend srv_reverse1 ###

### ### ### C3D2 ### ### ###
# EOF

SternenLogBuch

  • 24.06.2014 - wildcard cert & ipv6 & hdr_dom
  • 23.06.2014 - Basis Setup