Per-host naming, priviledge dropping and connection accepting after first request
This commit is contained in:
parent
5c98ec0360
commit
f127005958
2
base.yml
2
base.yml
|
@ -39,6 +39,8 @@ services:
|
||||||
image: localhost:5000/haproxy-rx
|
image: localhost:5000/haproxy-rx
|
||||||
deploy: *gt2 ## HAProxy really dislikes if it's overlapped
|
deploy: *gt2 ## HAProxy really dislikes if it's overlapped
|
||||||
logging: *json-log
|
logging: *json-log
|
||||||
|
enironment:
|
||||||
|
HOSTNAME: "{{.Node.Hostname}}"
|
||||||
volumes:
|
volumes:
|
||||||
- 'haproxysock:/haproxy:rw' ## Telegraf monitoring
|
- 'haproxysock:/haproxy:rw' ## Telegraf monitoring
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -2,7 +2,10 @@ global
|
||||||
tune.ssl.default-dh-param 2048
|
tune.ssl.default-dh-param 2048
|
||||||
maxconn 2048
|
maxconn 2048
|
||||||
maxconnrate 40
|
maxconnrate 40
|
||||||
stats socket /haproxy/haproxy.sock mode 660 level admin
|
uid 65534
|
||||||
|
gid 65533
|
||||||
|
node "$HOSTNAME"
|
||||||
|
stats socket /haproxy/haproxy.sock mode 660 level admin show-node
|
||||||
|
|
||||||
defaults
|
defaults
|
||||||
mode http
|
mode http
|
||||||
|
@ -32,7 +35,7 @@ resolvers dockerdns
|
||||||
|
|
||||||
frontend https
|
frontend https
|
||||||
mode http
|
mode http
|
||||||
bind *:80
|
bind *:80 defer-accept
|
||||||
|
|
||||||
acl is_cf req.hdr_ip(x-forwarded-for) -m found
|
acl is_cf req.hdr_ip(x-forwarded-for) -m found
|
||||||
acl dav url_beg /.well-known/carddav /.well-known/caldav
|
acl dav url_beg /.well-known/carddav /.well-known/caldav
|
||||||
|
|
Reference in New Issue