haproxy_acl
- [root@bsha ~]# cat /etc/haproxy/haproxy.cfg
- #———————————————————————
- # Global settings
- #———————————————————————
- global
- #
- log 127.0.0.1 local2
- chroot /var/lib/haproxy
- pidfile /var/run/haproxy.pid
- maxconn 4000
- user haproxy
- group haproxy
- daemon
- # turn on stats unix socket
- stats socket /var/lib/haproxy/stats
- ssl-default-server-options force-tlsv12
- ssl-default-server-ciphers ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM:!RC4
- #———————————————————————
- # common defaults that all the 'listen' and 'backend' sections will
- # use if not designated in their block
- #———————————————————————
- defaults
- mode http
- log global
- option httplog
- option dontlognull
- option http-server-close
- option forwardfor except 127.0.0.0/8
- option redispatch
- retries 3
- timeout http-request 10s
- timeout queue 1m
- timeout connect 10s
- timeout client 1m
- timeout server 1m
- timeout http-keep-alive 10s
- timeout check 10s
- maxconn 3000
- #———————————————————————
- # main frontend which proxys to the backends
- #———————————————————————
- frontend localhost
- bind *:80
- bind *:443 ssl crt /etc/ssl/tbsnews.net/cert.pem
- acl is_epaper path -i -m beg /epaper/
- use_backend be_epaper if is_epaper
- redirect scheme https if !{ ssl_fc }
- mode http
- default_backend nodes
- #———————————————————————
- # static backend for serving up images, stylesheets and such
- #———————————————————————
- backend static
- balance roundrobin
- server static 103.16.74.242:80 check
- server static 103.16.74.244:80 check
- backend be_epaper
- balance roundrobin
- server static 103.16.74.242:80 check
- #———————————————————————
- # round robin balancing between the various backends
- #———————————————————————
- backend nodes
- mode http
- balance roundrobin
- option forwardfor
- option httpchk HEAD / HTTP/1.1\r\nHost:localhost
- server web42 103.16.74.242:80 check
- server web44 103.16.74.244:80 check
- http-request set-header X-Forwarded-Port %[dst_port]
- http-request add-header X-Forwarded-Proto https if { ssl_fc }
- #
- #STATISTICS Configuration
- #——————————————————-
- listen stats
- bind *:8082
- stats enable
- stats uri /
- stats realm Haproxy\ Statistics
- stats auth statadmin:bdc0m9876
- [ro
haproxy_acl.txt · Last modified: 2023/03/06 11:31 by 127.0.0.1