From ef38ec3e84f9b2b1dc1bc0c9348fd490ad235271 Mon Sep 17 00:00:00 2001
From: caskd
Date: Sun, 19 Jan 2020 18:10:37 +0100
Subject: [PATCH] Round robin balancing, TLS 1.2 minimum, ignore down services and use tasks. dns name for direct endpoints rather than VIP

---
 build/HAProxy/haproxy.conf | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf
index ef4cc10..e45c0bf 100644
--- a/build/HAProxy/haproxy.conf
+++ b/build/HAProxy/haproxy.conf
@@ -1,5 +1,6 @@
 global
  tune.ssl.default-dh-param 2048
+ ssl-default-bind-options ssl-min-ver TLSv1.2
  maxconn 2048
  maxconnrate 40
  uid 65534
@@ -15,13 +16,14 @@ defaults
  option tcp-smart-connect
  option tcpka
  option http-buffer-request
+ balance roundrobin
  compression algo gzip
  timeout http-request 10s
  timeout connect 10s
  timeout client 60s
  timeout server 240s
  timeout http-keep-alive 240s
- default-server resolvers dockerdns
+ default-server resolvers dockerdns init-addr libc,none
 
 resolvers dockerdns
  nameserver docker 127.0.0.11:53
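Review bot: The added `ssl-default-bind-options ssl-min-ver TLSv1.2` in `global` raises the protocol floor, but no cipher restriction is visible next to it, so TLS 1.2 clients can still negotiate whatever CBC or non-forward-secret suites the OpenSSL default list offers. If the rest of `global` (outside this hunk) does not already set one, add a line such as `ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+CHACHA20` under it. A short comment that `ssl-min-ver` needs HAProxy 1.8 or later would also help, since an older image in this build would reject the keyword at startup.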
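Review bot: `init-addr libc,none` on the `default-server` line turns a name that fails to resolve from a startup error into a server that starts without an address, so a typo in a backend host name no longer shows up when the configuration is loaded. Document that trade-off where it is set, for example `# none: start even if a tasks.* name is unresolved; the server stays in maintenance until dockerdns answers`, and alert on servers that remain in that state. Because every backend inherits this default, it also applies to the external S3 host in `homepage`, not only to the Swarm services. The `resolvers dockerdns` section continues outside the hunk, so its hold and retry settings cannot be checked from here.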
@@ -69,23 +71,23 @@ frontend https
  use_backend seedown if seedown
 
 backend homepage
- server redxen-space rxhome.s3-website.eu-central-1.amazonaws.com:80
+ server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80
  http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
  http-request set-header Connection \"\"
 
 backend grafana
- server grafana-docker tig_grafana:3000 check
+ server-template grafana-docker 5 tasks.tig_grafana:3000 check
  option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 
 backend git
- server git-docker git_gitea:3000 check
+ server git-docker tasks.git_gitea:3000 check
  option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 
 backend transmission
- server transmission-docker seedbox_transmission:9091 check
+ server transmission-docker tasks.seedbox_transmission:9091 check
  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
 
 backend seedown
- server httpd-seedown seedbox_httpd:80 check
+ server httpd-seedown tasks.seedbox_httpd:80 check
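Review bot: The `git`, `transmission` and `seedown` backends now point at `tasks.` names but keep a single `server` line, which takes only one address from the DNS answer; if any of those services runs more than one task, the other replicas get no traffic and `balance roundrobin` has nothing to rotate over. Use the same form as `grafana`, e.g. `server-template git-docker 3 tasks.git_gitea:3000 check` (the slot count is a placeholder), or add a comment that these services are single-replica by design. Separately, the new `server-template redxen-space 3 …` line in `homepage` has no `check`, so an address that stops answering stays in rotation until the DNS answer changes, and that upstream is still reached over plain HTTP on port 80.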