Server/haproxy: Unterschied zwischen den Versionen
< Server
Keine Bearbeitungszusammenfassung |
Keine Bearbeitungszusammenfassung |
||
Zeile 21: | Zeile 21: | ||
log 127.0.0.1 local0 | log 127.0.0.1 local0 | ||
log 127.0.0.1 local1 notice | log 127.0.0.1 local1 notice | ||
maxconn 4096 | maxconn 4096 | ||
user haproxy | user haproxy | ||
group nogroup | group nogroup | ||
daemon | daemon | ||
defaults | defaults | ||
log global | log global | ||
mode | mode http | ||
option | option httplog | ||
option | option dontlognull | ||
option forwardfor | option forwardfor | ||
option http-server-close | option http-server-close | ||
stats enable | stats enable | ||
stats auth topsecret:topsecret | stats auth topsecret:topsecret | ||
stats uri /haproxyStats | stats uri /haproxyStats | ||
contimeout 5000 | contimeout 5000 | ||
clitimeout 50000 | clitimeout 50000 | ||
srvtimeout 50000 | srvtimeout 50000 | ||
frontend https-in | frontend https-in | ||
bind | bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem | ||
bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem | |||
reqadd X-Forwarded-Proto:\ https | reqadd X-Forwarded-Proto:\ https | ||
default_backend | ### | ||
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de | |||
use_backend srv_reverse1 if reverse1 | |||
# | |||
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de | |||
use_backend srv_reverse2 if reverse2 | |||
### | |||
default_backend srv_reverse1 | |||
backend | backend srv_reverse1 | ||
redirect scheme https if !{ ssl_fc } | redirect scheme https if !{ ssl_fc } | ||
#balance leastconn | # balance leastconn | ||
balance roundrobin | balance roundrobin | ||
option httpclose | option httpclose | ||
option forwardfor | option forwardfor | ||
cookie JSESSIONID prefix | cookie JSESSIONID prefix | ||
### CARP // ### | |||
server reverseproxy 172.22.99.247:81 check | |||
### // CARP ### | |||
# server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check | |||
# server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check | |||
### // backend srv_reverse1 ### | |||
# | backend srv_reverse2 | ||
redirect scheme https if !{ ssl_fc } | |||
# balance leastconn | |||
balance roundrobin | |||
### CARP // ### | option httpclose | ||
server reverseproxy 172.22.99.247: | option forwardfor | ||
### // CARP ### | cookie JSESSIONID prefix | ||
### CARP // ### | |||
# | server reverseproxy 172.22.99.247:82 check | ||
# | ### // CARP ### | ||
# | ### // backend srv_reverse1 ### | ||
# | |||
# | |||
# | |||
### ### ### C3D2 ### ### ### | ### ### ### C3D2 ### ### ### | ||
Zeile 78: | Zeile 84: | ||
== SternenLogBuch == | == SternenLogBuch == | ||
* 24.06.2014 - wildcard cert & ipv6 & hdr_dom | |||
* 23.06.2014 - Basis Setup | * 23.06.2014 - Basis Setup |
Version vom 24. Juni 2014, 00:27 Uhr
Hardware Info
Virtualisiert durch intern:Freebert
Software Info
FreeBSD Jail Container
- haproxy
Verwendungszweck
- haproxy (high availability) für reverseproxy1/2 - CARP jails
- dev version 1.5 für ssl support
haproxy.conf
### ### ### C3D2 ### ### ###
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group nogroup
daemon
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
option http-server-close
stats enable
stats auth topsecret:topsecret
stats uri /haproxyStats
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend https-in
bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
reqadd X-Forwarded-Proto:\ https
###
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
default_backend srv_reverse1
backend srv_reverse1
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
### CARP // ###
server reverseproxy 172.22.99.247:81 check
### // CARP ###
# server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
# server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###
backend srv_reverse2
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
### CARP // ###
server reverseproxy 172.22.99.247:82 check
### // CARP ###
### // backend srv_reverse1 ###
### ### ### C3D2 ### ### ###
# EOF
SternenLogBuch
- 24.06.2014 - wildcard cert & ipv6 & hdr_dom
- 23.06.2014 - Basis Setup