haproxy.cfg hinzugefügt

haproxy.cfg

@@ -0,0 +1,52 @@
+global
+  daemon
+  log 127.0.0.1 local0
+  log 127.0.0.1 local1 notice
+  maxconn 4096
+  ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
+
+defaults
+  log               global
+  option            httplog
+  retries           3
+  maxconn           2000
+  timeout connect   5s
+  timeout client    50s
+  timeout server    50s
+
+listen stats
+  bind 127.0.0.1:9090
+  balance
+  mode http
+  stats enable
+  stats auth admin:securepasswordhere12341234!
+
+frontend http_in
+  bind *:80
+  mode http
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
+  http-request set-header X-Forwarded-For %[src]
+  use_backend ssl_redirect if { hdr(host) -i domainwithsslredirect.de }
+  use_backend acmesh if { path_beg /.well-known/acme-challenge/ }
+  default_backend no_match
+
+frontend https_in
+  bind *:443 ssl crt /etc/haproxy/ssl/
+  mode http
+  http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
+  http-request set-header X-Forwarded-For %[src]
+  use_backend domainxyz if { hdr(host) -i domainwithsslredirect.de }
+  default_backend no_match
+
+# Default backends
+backend acmesh
+  mode http
+  server acmesh 127.0.0.1:60001
+
+# Custom backends
+backend domainxyz
+  mode http
+  http-response set-header X-Robots-Tag noindex
+  server web1 10.10.10.10:80