mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-11 14:05:12 +00:00
135 lines
3.0 KiB
INI
135 lines
3.0 KiB
INI
|
global
|
||
|
# chroot /var/empty/
|
||
|
# uid 451
|
||
|
# gid 451
|
||
|
log 192.168.131.214:8514 local4 debug
|
||
|
maxconn 8192
|
||
|
|
||
|
defaults
|
||
|
timeout connect 3500
|
||
|
timeout queue 11000
|
||
|
timeout tarpit 12000
|
||
|
timeout client 30000
|
||
|
timeout http-request 40000
|
||
|
timeout http-keep-alive 5000
|
||
|
timeout server 40000
|
||
|
timeout check 7000
|
||
|
|
||
|
option contstats
|
||
|
option log-health-checks
|
||
|
|
||
|
################################
|
||
|
userlist customer1
|
||
|
group adm users tiger,xdb
|
||
|
group dev users scott,tiger
|
||
|
group uat users boss,xdb,tiger
|
||
|
user scott insecure-password cat
|
||
|
user tiger insecure-password dog
|
||
|
user xdb insecure-password hello
|
||
|
user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91
|
||
|
|
||
|
userlist customer1alt
|
||
|
group adm
|
||
|
group dev
|
||
|
group uat
|
||
|
user scott insecure-password cat groups dev
|
||
|
user tiger insecure-password dog groups adm,dev,uat
|
||
|
user xdb insecure-password hello groups adm,uat
|
||
|
user boss password $6$k6y3o.eP$JlKBx9za966ud67qe45NSQYf8Nw.XFuk8QVRevoLh1XPCQDCBPjcU2JtGBSS0MOQW2PFxHSwRv6J.C0/D7cV91 groups uat
|
||
|
|
||
|
# Both customer1 and customer1alt userlist are functionally identical
|
||
|
|
||
|
frontend c1
|
||
|
bind 127.101.128.1:8080
|
||
|
log global
|
||
|
mode http
|
||
|
|
||
|
acl host_stats hdr_beg(host) -i stats.local
|
||
|
acl host_dev hdr_beg(host) -i dev.local
|
||
|
acl host_uat hdr_beg(host) -i uat.local
|
||
|
|
||
|
acl auth_uat http_auth_group(customer1) uat
|
||
|
|
||
|
# auth for host_uat checked in frontend, use realm "uat"
|
||
|
http-request auth realm uat if host_uat !auth_uat
|
||
|
|
||
|
use_backend c1stats if host_stats
|
||
|
use_backend c1dev if host_dev
|
||
|
use_backend c1uat if host_uat
|
||
|
|
||
|
backend c1uat
|
||
|
mode http
|
||
|
log global
|
||
|
|
||
|
server s6 192.168.152.206:80
|
||
|
server s7 192.168.152.207:80
|
||
|
|
||
|
backend c1dev
|
||
|
mode http
|
||
|
log global
|
||
|
|
||
|
# require users from customer1 assigned to group dev
|
||
|
acl auth_ok http_auth_group(customer1) dev
|
||
|
|
||
|
# auth checked in backend, use default realm (c1dev)
|
||
|
http-request auth if !auth_ok
|
||
|
|
||
|
server s6 192.168.152.206:80
|
||
|
server s7 192.168.152.207:80
|
||
|
|
||
|
backend c1stats
|
||
|
mode http
|
||
|
log global
|
||
|
|
||
|
# stats auth checked in backend, use default realm (Stats)
|
||
|
acl nagios src 192.168.126.31
|
||
|
acl guests src 192.168.162.0/24
|
||
|
acl auth_ok http_auth_group(customer1) adm
|
||
|
|
||
|
stats enable
|
||
|
stats refresh 60
|
||
|
stats uri /
|
||
|
stats scope c1
|
||
|
stats scope c1stats
|
||
|
|
||
|
# unconditionally deny guests, without checking auth or asking for a username/password
|
||
|
stats http-request deny if guests
|
||
|
|
||
|
# allow nagios without password, allow authenticated users
|
||
|
stats http-request allow if nagios
|
||
|
stats http-request allow if auth_ok
|
||
|
|
||
|
# ask for a username/password
|
||
|
stats http-request auth realm Stats
|
||
|
|
||
|
|
||
|
################################
|
||
|
userlist customer2
|
||
|
user peter insecure-password peter
|
||
|
user monica insecure-password monica
|
||
|
|
||
|
frontend c2
|
||
|
bind 127.201.128.1:8080
|
||
|
log global
|
||
|
mode http
|
||
|
|
||
|
acl auth_ok http_auth(customer2)
|
||
|
acl host_b1 hdr(host) -i b1.local
|
||
|
|
||
|
http-request auth unless auth_ok
|
||
|
|
||
|
use_backend c2b1 if host_b1
|
||
|
default_backend c2b0
|
||
|
|
||
|
backend c2b1
|
||
|
mode http
|
||
|
log global
|
||
|
|
||
|
server s1 192.168.152.201:80
|
||
|
|
||
|
backend c2b0
|
||
|
mode http
|
||
|
log global
|
||
|
|
||
|
server s1 192.168.152.201:80
|