59 lines
1.5 KiB
Django/Jinja
59 lines
1.5 KiB
Django/Jinja
global
|
|
log 127.0.0.1 local0
|
|
log 127.0.0.1 local1 notice
|
|
chroot /var/lib/haproxy
|
|
stats socket /run/haproxy/admin.sock mode 660 level admin
|
|
stats timeout 30s
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
|
|
# Default SSL material locations
|
|
ca-base /etc/ssl/certs
|
|
crt-base /etc/ssl/private
|
|
|
|
# Default ciphers to use on SSL-enabled listening sockets.
|
|
# For more information, see ciphers(1SSL).
|
|
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
timeout connect 5000
|
|
timeout client 50000
|
|
timeout server 50000
|
|
errorfile 400 /etc/haproxy/errors/400.http
|
|
errorfile 403 /etc/haproxy/errors/403.http
|
|
errorfile 408 /etc/haproxy/errors/408.http
|
|
errorfile 500 /etc/haproxy/errors/500.http
|
|
errorfile 502 /etc/haproxy/errors/502.http
|
|
errorfile 503 /etc/haproxy/errors/503.http
|
|
errorfile 504 /etc/haproxy/errors/504.http
|
|
|
|
frontend localnodes
|
|
bind *:80
|
|
mode http
|
|
default_backend nodes
|
|
|
|
backend nodes
|
|
mode http
|
|
balance roundrobin
|
|
option forwardfor
|
|
http-request set-header X-Forwarded-Port %[dst_port]
|
|
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
|
|
#server worker_01 172.22.244.81:80 check
|
|
{% for host in groups['worker'] %}
|
|
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_default_ipv4'].address }}:80 check
|
|
{% endfor %}
|
|
|
|
listen stats
|
|
bind *:1936
|
|
stats enable
|
|
stats uri /
|
|
stats hide-version
|
|
stats auth admin:admin
|
|
|