haproxy
https://serversforhackers.com/c/letsencrypt-with-haproxy
https://tecadmin.net/how-to-setup-haproxy-load-balancing-on-ubuntu-linuxmint/
- root@ecsweb:~# cat /etc/haproxy/haproxy.cfg
- # global: process-wide settings (logging, privilege drop, runtime socket, TLS defaults for "bind ... ssl" lines).
- global
- log /dev/log local0
- log /dev/log local1 notice
- # Confine the process to this directory; together with user/group below it runs unprivileged.
- chroot /var/lib/haproxy
- # Runtime API socket. "level admin" allows full runtime control (disable servers, change state),
- # so access to this path is equivalent to administering the proxy; "mode 660" limits it to owner and group.
- stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
- # Default SSL material locations
- ca-base /etc/ssl/certs
- crt-base /etc/ssl/private
- # Default ciphers to use on SSL-enabled listening sockets.
- # For more information, see ciphers(1SSL). This list is from:
- # An alternative list with additional directives can be obtained from
- # (the two source URLs referenced above are not preserved on this page)
- # NOTE(review): besides the AES-GCM entries this string also admits CBC-mode AES suites
- # (ECDH+AES256, ECDH+AES128, DH+AES, RSA+AES), and the RSA+ entries can admit static-RSA key exchange,
- # which has no forward secrecy. It only takes effect on "bind" lines that carry "ssl";
- # the only such line in this file is commented out.
- ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- # NOTE(review): no-sslv3 disables SSLv3 only. Whether TLS 1.0/1.1 remain negotiable depends on the
- # HAProxy/OpenSSL build defaults; an explicit floor such as "ssl-min-ver TLSv1.2" (HAProxy 1.8+) removes the doubt.
- ssl-default-bind-options no-sslv3
- # defaults: values inherited by every frontend/backend/listen section below unless overridden there.
- defaults
- log global
- # HTTP mode is the default; ft_https and bk_https override it with "mode tcp".
- mode http
- option httplog
- # NOTE(review): dontlognull drops log entries for connections that send no data. On an
- # Internet-facing listener this also hides port scans and probes from the logs.
- option dontlognull
- # Timeouts without a unit are milliseconds: 5 s to connect, 50 s client/server inactivity.
- # NOTE(review): no "timeout http-request" is set, so the time a client may take to send a
- # complete request is not bounded separately (the usual slow-request mitigation).
- timeout connect 5000
- timeout client 50000
- timeout server 50000
- # Static error pages returned by HAProxy itself for these status codes.
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
- # If it detects a LetsEncrypt request, it uses the LE backend
- # NOTE(review): the acl/use_backend pair that would do this is commented out further down,
- # so as written every request on port 80 goes to bk_http, including /.well-known/acme-challenge/.
- # Plain-HTTP frontend on all addresses, port 80. No redirect to HTTPS is attached to this section;
- # the only redirect rule in the file sits after "frontend ft_https".
- frontend ft_http
- bind :80
- mode http
- default_backend bk_http
- # TCP-mode frontend on port 443. The bind line has no "ssl", so TLS is not terminated here:
- # the encrypted stream is passed through to bk_https and HAProxy never sees the HTTP layer.
- # The page has lost the original indentation, so section membership of the lines below is read from their position.
- frontend ft_https
- bind :443
- mode tcp
- default_backend bk_https
- # This is our new config that listens on port 443 for SSL connections
- # (disabled) TLS-terminating alternative. NOTE(review): a crt .pem bundle normally holds the private key
- # as well as the certificate; keep it readable by root only - confirm the file permissions on the host.
- # bind *:443 ssl crt /etc/ssl/ecsweb.bdcom.com.bd/ecsweb.bdcom.com.bd.pem
- # Redirect if HTTPS is *not* used
- # NOTE(review): ssl_fc is true only for connections accepted on a "bind ... ssl" listener. With the
- # non-ssl TCP bind above it can never be true here, and redirect is an HTTP-mode rule, so this line
- # presumably has no effect in this section; "haproxy -c -f /etc/haproxy/haproxy.cfg" will show any warning.
- redirect scheme https code 301 if !{ ssl_fc }
- # Test URI to see if its a letsencrypt request
- # acl letsencrypt-acl path_beg /.well-known/acme-challenge/
- # use_backend letsencrypt-backend if letsencrypt-acl
- ## default_backend be-scalinglaravel
- ##backend be-scalinglaravel
- ## balance roundrobin
- # The three directives below act on HTTP headers and need "mode http"; under "mode tcp" they are not applied - verify.
- # When they are active, backends must trust X-Forwarded-* only from this proxy's address.
- option forwardfor
- http-request set-header X-Forwarded-Port %[dst_port]
- # NOTE(review): add-header appends and leaves any X-Forwarded-Proto sent by the client in place;
- # set-header (as used for X-Forwarded-Port above) replaces the client-supplied value.
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- # HTTP backend for ft_http: round-robin across two servers on port 80.
- # Traffic between the proxy and these servers is unencrypted HTTP.
- backend bk_http
- mode http
- balance roundrobin
- #stick on src table bk_https
- # Health-check interval of 1 second for every server line below that has "check".
- default-server inter 1s
- # Servers are addressed by DNS name; "id" pins a fixed numeric server id.
- server ecs.gov.bd ecs.gov.bd:80 check id 1
- server ecs.bdcom.com.bd ecs.bdcom.com.bd:80 check id 2
- #server ecsww.bdcom.com.bd ecsww.bdcom.com.bd:80 check id 3
- #server dns2.bdcom.com dns2.bdcom.com:80 check id 3
- # TCP backend for ft_https with source-IP persistence.
- # NOTE(review): both server lines below are commented out, so this backend has no server and
- # connections arriving on port 443 have nowhere to be forwarded.
- backend bk_https
- mode tcp
- balance roundrobin
- # Remember up to 200k client IPs for 30 minutes and send a returning IP to the same server.
- stick-table type ip size 200k expire 30m
- stick on src
- default-server inter 1s
- # NOTE(review): on the disabled lines, "ssl verify none" makes HAProxy open its own TLS session to the
- # server without validating its certificate, so a substituted server would not be detected.
- # If only the health check should speak TLS on a passthrough backend, "check-ssl" is the keyword for that;
- # if "ssl" is intended, prefer "verify required" with a "ca-file". Confirm the intent before re-enabling.
- # server ecsweb.bdcom.com.bd ecsweb.bdcom.com.bd:443 check ssl verify none
- #server prohostnms.bdcom.net prohostnms.bdcom.net:443 check ssl verify none
- # for 8181 haproxy panel
- # Statistics page served at / on port 8181 of every address, over plain HTTP (no "ssl" on the bind).
- # There is no "stats admin" directive, so the page is read-only.
- listen stats
- bind *:8181
- stats enable
- stats uri /
- stats realm Haproxy\ Statistics
- # NOTE(review): "stats auth" keeps the password in cleartext in the config file, and HTTP Basic auth
- # over a non-TLS listener sends it unencrypted on every request. The value below is also published on
- # this page, so treat it as exposed and rotate it. Binding the panel to a loopback or management address
- # (or putting it behind "ssl" and a source-address ACL) keeps it off the public interface.
- stats auth admin:bdc0m987
- # (disabled) backend that would receive ACME challenge requests on a local port.
- #backend letsencrypt-backend
- # server letsencrypt 127.0.0.1:8888