Server/haproxy: Unterschied zwischen den Versionen

Keine Bearbeitungszusammenfassung
Keine Bearbeitungszusammenfassung
Zeile 21: Zeile 21:
     log 127.0.0.1  local0
     log 127.0.0.1  local0
     log 127.0.0.1  local1 notice
     log 127.0.0.1  local1 notice
     maxconn 4096
     maxconn         4096
     user haproxy
     user           haproxy
     group nogroup
     group           nogroup
     daemon
     daemon


defaults
defaults
     log global
     log             global
     mode   http
     mode           http
     option httplog
     option         httplog
     option dontlognull
     option         dontlognull
     option forwardfor
     option         forwardfor
     option http-server-close
     option         http-server-close
     stats enable
     stats           enable
     stats auth topsecret:topsecret
     stats         auth topsecret:topsecret
     stats uri /haproxyStats
     stats         uri /haproxyStats
contimeout 5000
contimeout 5000
clitimeout 50000
clitimeout 50000
srvtimeout 50000
srvtimeout 50000
#frontend http-in
#    bind *:80
#    reqadd X-Forwarded-Proto:\ http
#    default_backend saugbert


frontend https-in
frontend https-in
     bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem
     bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
     reqadd X-Forwarded-Proto:\ https
     reqadd X-Forwarded-Proto:\ https
     default_backend saugbert
###
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
     default_backend srv_reverse1


backend saugbert
backend srv_reverse1
     redirect scheme https if !{ ssl_fc }
     redirect scheme https if !{ ssl_fc }
#balance leastconn
    # balance leastconn
     balance roundrobin
     balance roundrobin
     option httpclose
     option httpclose
     option forwardfor
     option forwardfor
     cookie JSESSIONID prefix
     cookie JSESSIONID prefix
    ### CARP // ###
    server reverseproxy 172.22.99.247:81 check
    ### // CARP ###
    # server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
    # server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###


#   #enter the IP of your application here
backend srv_reverse2
#    server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check #cookie A check
    redirect scheme https if !{ ssl_fc }
#    server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check #cookie B check
    # balance leastconn
 
    balance roundrobin
### CARP // ###
    option httpclose
     server reverseproxy 172.22.99.247:80 check
    option forwardfor
### // CARP ###
    cookie JSESSIONID prefix
 
    ### CARP // ###
#backend saugbert
     server reverseproxy 172.22.99.247:82 check
# mode http
    ### // CARP ###
# balance roundrobin
### // backend srv_reverse1 ###
# cookie SERVERID insert indirect nocache
# server reverseproxy1 172.22.99.79:80 check cookie reverseproxy1
# server reverseproxy2 172.22.99.99:80 check cookie reverseproxy1


### ### ### C3D2 ### ### ###
### ### ### C3D2 ### ### ###
Zeile 78: Zeile 84:


== SternenLogBuch ==
== SternenLogBuch ==
* 24.06.2014 - wildcard cert & ipv6 & hdr_dom
* 23.06.2014 - Basis Setup
* 23.06.2014 - Basis Setup
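Review bot: The statistics page stays enabled in `defaults` (`stats enable`, `stats auth topsecret:topsecret`, `stats uri /haproxyStats`), so every proxy inherits it and it is served through the `https-in` binds on 217.115.11.138:443 and the IPv6 address. I would move the three `stats` lines into a dedicated `listen` section bound to a loopback or management address and keep the real password out of the published copy; if `topsecret:topsecret` is the deployed value, it should be rotated. Separately, the new ACLs use `hdr_dom(host)`, which matches the name as a dot-delimited portion of the Host value rather than the whole value; `acl reverse1 hdr(host) -i web.saugbert.hq.c3d2.de` is the exact form if only that name should reach `srv_reverse1`. The closing comment of `srv_reverse2` still reads `### // backend srv_reverse1 ###`.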

Version vom 24. Juni 2014, 00:27 Uhr


Hardware Info

Virtualisiert durch intern:Freebert

Software Info

FreeBSD Jail Container

  • haproxy

Verwendungszweck

  • haproxy (high availability) für reverseproxy1/2 - CARP jails
  • dev version 1.5 für ssl support

https://haproxy.hq.c3d2.de

haproxy.conf

### ### ### C3D2 ### ### ###

# Process-wide settings for the haproxy instance.
global
    # Syslog targets on the local host: everything goes to facility local0,
    # and messages of level notice or more severe also go to local1.
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    # Upper bound on concurrent connections for the whole process.
    maxconn         4096
    # Run as an unprivileged account instead of the one that started haproxy.
    # NOTE(review): no chroot is set in this section; whether the FreeBSD jail
    # is the intended isolation boundary is a deployment decision - confirm.
    user            haproxy
    group           nogroup
    # Detach and run in the background.
    daemon

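# Settings inherited by every frontend and backend section that follows.
defaults
    # Reuse the log targets declared in the global section.
    log             global
    mode            http
    # Full HTTP log format; connections that carried no data are not logged.
    option          httplog
    option          dontlognull
    # Append the client address to X-Forwarded-For for the backend servers.
    option          forwardfor
    # Close the server-side connection after each response while the
    # client side may keep its connection open.
    option          http-server-close
    # NOTE(review): because the stats directives live in "defaults", every
    # proxy inheriting this section answers on /haproxyStats, including the
    # TLS frontend bound to the public addresses. "stats auth" stores the
    # password in clear text, so the value here is readable by anyone who can
    # read this file or a published copy of it. Recommended: move the three
    # stats lines into a dedicated "listen" section bound to a loopback or
    # management address, use a unique password that is not published, and
    # consider "stats hide-version".
    stats           enable
    stats           auth topsecret:topsecret
    stats           uri /haproxyStats
    # Timeouts in milliseconds. "timeout connect/client/server" replace the
    # deprecated contimeout/clitimeout/srvtimeout keywords with the same values.
    timeout connect 5000
    timeout client  50000
    timeout server  50000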

# TLS-terminating entry point; picks a backend from the request's Host header.
frontend https-in
    # One IPv4 and one IPv6 listener, both serving the same wildcard PEM.
    # In the IPv6 line the text after the last colon (443) is the port.
    # The file given to "crt" holds the private key together with the
    # certificate, so it should be readable only by the account that starts
    # haproxy.
    bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    # Tell the backend servers that the client connection used HTTPS.
    # NOTE(review): reqadd only appends; an X-Forwarded-Proto header sent by
    # the client is passed on as well - confirm the servers handle duplicates.
    reqadd X-Forwarded-Proto:\ https
###
# Host-based routing.
# NOTE(review): hdr_dom matches the name as a dot-delimited portion of the
# Host value, so longer host names that contain it also match; hdr(host) is
# the exact comparison - confirm which one is intended.
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
    # Requests matching neither ACL (any other Host value) go to srv_reverse1.
    default_backend srv_reverse1

# Backend for web.saugbert.hq.c3d2.de and for requests with any unmatched Host.
backend srv_reverse1
    # Redirect to https when the client connection was not TLS.
    # NOTE(review): the only frontend in this file binds with "ssl", so this
    # condition looks like it can never be true here, and nothing listens on
    # port 80 to redirect from - confirm.
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    # Round-robin across the servers below (only one is active).
    balance roundrobin
    # Close the connection after each request/response exchange.
    option httpclose
    # Append the client address to X-Forwarded-For (also set in defaults).
    option forwardfor
    # NOTE(review): prefix-mode persistence on JSESSIONID; the server line
    # carries no "cookie" value, so presumably nothing is prefixed - confirm.
    cookie JSESSIONID prefix
    ### CARP // ###
    # Single health-checked server; traffic to it is plain HTTP on port 81.
    # presumably the CARP-shared address of the reverse proxy jails - confirm.
    server reverseproxy 172.22.99.247:81 check
    ### // CARP ###
    # Direct addresses of the two reverse proxies, disabled.
    # server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
    # server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###

# Backend for web.storage.hq.c3d2.de.
backend srv_reverse2
    # Redirect to https when the client connection was not TLS.
    # NOTE(review): the only frontend in this file binds with "ssl", so this
    # condition looks like it can never be true here - confirm.
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    # Round-robin across the servers below (only one is defined).
    balance roundrobin
    # Close the connection after each request/response exchange.
    option httpclose
    # Append the client address to X-Forwarded-For (also set in defaults).
    option forwardfor
    # NOTE(review): prefix-mode persistence on JSESSIONID; the server line
    # carries no "cookie" value, so presumably nothing is prefixed - confirm.
    cookie JSESSIONID prefix
    ### CARP // ###
    # Same address as srv_reverse1 but port 82; plain HTTP, health-checked.
    server reverseproxy 172.22.99.247:82 check
    ### // CARP ###
### // backend srv_reverse2 ###

### ### ### C3D2 ### ### ###
# EOF

SternenLogBuch

  • 24.06.2014 - wildcard cert & ipv6 & hdr_dom
  • 23.06.2014 - Basis Setup