haproxy-template/haproxy.cfg

52 lines
1.5 KiB
INI
Raw Normal View History

2024-02-19 19:30:31 +00:00
global
daemon
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
defaults
log global
option httplog
retries 3
maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 50s
listen stats
bind 127.0.0.1:9090
balance
mode http
stats enable
stats auth admin:securepasswordhere12341234!
frontend http_in
bind *:80
mode http
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-For %[src]
use_backend ssl_redirect if { hdr(host) -i domainwithsslredirect.de }
use_backend acmesh if { path_beg /.well-known/acme-challenge/ }
default_backend no_match
frontend https_in
bind *:443 ssl crt /etc/haproxy/ssl/
mode http
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-For %[src]
use_backend domainxyz if { hdr(host) -i domainwithsslredirect.de }
default_backend no_match
# Default backends
backend acmesh
mode http
server acmesh 127.0.0.1:60001
# Custom backends
backend domainxyz
mode http
http-response set-header X-Robots-Tag noindex
server web1 10.10.10.10:80