Server/haproxy
< Server
Vorlage:Beinhaltet Abweichungen von der Realität
Server/freebert is gone!
Hardware
Virtualisiert durch Server/freebert/FreeBSD
Software
- FreeBSD Jail Container
- haproxy
Verwendungszweck
- haproxy (high availability) für reverseproxy1/2 - CARP jails
- dev version 1.5 für ssl support
haproxy.conf
### ### ### C3D2 ### ### ###
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group nogroup
daemon
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
option http-server-close
stats enable
stats auth topsecret:topsecret
stats uri /haproxyStats
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend https-in
bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
reqadd X-Forwarded-Proto:\ https
###
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
default_backend srv_reverse1
backend srv_reverse1
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
### CARP // ###
server reverseproxy 172.22.99.247:81 check
### // CARP ###
# server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
# server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###
backend srv_reverse2
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
### CARP // ###
server reverseproxy 172.22.99.247:82 check
### // CARP ###
### // backend srv_reverse1 ###
### ### ### C3D2 ### ### ###
# EOF
SternenLogBuch
- 24.06.2014 - wildcard cert & ipv6 & hdr_dom
- 23.06.2014 - Basis Setup