52 lines
1.5 KiB
INI
52 lines
1.5 KiB
INI
|
global
|
||
|
daemon
|
||
|
log 127.0.0.1 local0
|
||
|
log 127.0.0.1 local1 notice
|
||
|
maxconn 4096
|
||
|
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
|
||
|
|
||
|
defaults
|
||
|
log global
|
||
|
option httplog
|
||
|
retries 3
|
||
|
maxconn 2000
|
||
|
timeout connect 5s
|
||
|
timeout client 50s
|
||
|
timeout server 50s
|
||
|
|
||
|
listen stats
|
||
|
bind 127.0.0.1:9090
|
||
|
balance
|
||
|
mode http
|
||
|
stats enable
|
||
|
stats auth admin:securepasswordhere12341234!
|
||
|
|
||
|
frontend http_in
|
||
|
bind *:80
|
||
|
mode http
|
||
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||
|
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||
|
http-request set-header X-Forwarded-For %[src]
|
||
|
use_backend ssl_redirect if { hdr(host) -i domainwithsslredirect.de }
|
||
|
use_backend acmesh if { path_beg /.well-known/acme-challenge/ }
|
||
|
default_backend no_match
|
||
|
|
||
|
frontend https_in
|
||
|
bind *:443 ssl crt /etc/haproxy/ssl/
|
||
|
mode http
|
||
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||
|
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||
|
http-request set-header X-Forwarded-For %[src]
|
||
|
use_backend domainxyz if { hdr(host) -i domainwithsslredirect.de }
|
||
|
default_backend no_match
|
||
|
|
||
|
# Default backends
|
||
|
backend acmesh
|
||
|
mode http
|
||
|
server acmesh 127.0.0.1:60001
|
||
|
|
||
|
# Custom backends
|
||
|
backend domainxyz
|
||
|
mode http
|
||
|
http-response set-header X-Robots-Tag noindex
|
||
|
server web1 10.10.10.10:80
|