mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-11 22:15:14 +00:00
f3c692090e
This makes it possible to relay SSL connections in pure TCP instances while ensuring the remote end really receives our data eventhough intermediate agents (firewalls, proxies, ...) might acknowledge the connection.
80 lines
2.3 KiB
INI
80 lines
2.3 KiB
INI
# this config needs haproxy-1.1.28 or haproxy-1.2.1
|
|
|
|
global
|
|
log 127.0.0.1 local0
|
|
log 127.0.0.1 local1 notice
|
|
#log loghost local0 info
|
|
maxconn 4096
|
|
chroot /usr/share/haproxy
|
|
uid 99
|
|
gid 99
|
|
daemon
|
|
#debug
|
|
#quiet
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
retries 3
|
|
redispatch
|
|
maxconn 2000
|
|
contimeout 5000
|
|
clitimeout 50000
|
|
srvtimeout 50000
|
|
|
|
listen appli1-rewrite 0.0.0.0:10001
|
|
cookie SERVERID rewrite
|
|
balance roundrobin
|
|
server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5
|
|
server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5
|
|
server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5
|
|
server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5
|
|
|
|
listen appli2-insert 0.0.0.0:10002
|
|
option httpchk
|
|
balance roundrobin
|
|
cookie SERVERID insert indirect nocache
|
|
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
|
|
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
|
|
capture cookie vgnvisitor= len 32
|
|
|
|
option httpclose # disable keep-alive
|
|
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
|
|
|
|
listen appli3-relais 0.0.0.0:10003
|
|
dispatch 192.168.135.17:80
|
|
|
|
listen appli4-backup 0.0.0.0:10004
|
|
option httpchk /index.html
|
|
option persist
|
|
balance roundrobin
|
|
server inst1 192.168.114.56:80 check inter 2000 fall 3
|
|
server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
|
|
|
|
listen ssl-relay 0.0.0.0:8443
|
|
option ssl-hello-chk
|
|
balance source
|
|
server inst1 192.168.110.56:443 check inter 2000 fall 3
|
|
server inst2 192.168.110.57:443 check inter 2000 fall 3
|
|
server back1 192.168.120.58:443 backup
|
|
|
|
listen appli5-backup 0.0.0.0:10005
|
|
option httpchk *
|
|
balance roundrobin
|
|
cookie SERVERID insert indirect nocache
|
|
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
|
|
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
|
|
server inst3 192.168.114.57:80 backup check inter 2000 fall 3
|
|
capture cookie ASPSESSION len 32
|
|
srvtimeout 20000
|
|
|
|
option httpclose # disable keep-alive
|
|
option checkcache # block response if set-cookie & cacheable
|
|
|
|
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
|
|
|
|
errorloc 502 http://192.168.114.58/error502.html
|
|
|