hhf/nextcloud_haproxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nextcloud_haproxy/Layer4/haproxy.cfg
hhftechnologies 02238def14 update
2024-10-21 12:28:40 +05:30

78 lines
No EOL
3.6 KiB
INI
Raw Blame History

global
# HAProxy Layer 4 / TCP-Mode
# LoadBalancing by SNI
# SSL Termination at the BACKEND-site
# requesters ip's are forwarded by "send-proxy-v2"
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
tune.ssl.cachesize 1000000
# to create run: "openssl dhparam -dsaparam -out /etc/haproxy/dhparam.pem 4096"
ssl-dh-param-file /etc/haproxy/dhparam.pem
defaults
log global
mode tcp
log global
option tcplog
option dontlognull
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend NEXTCLOUD
bind *:443
maxconn 20400
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
##################################################################
acl ACL_NEXTCLOUD req.ssl_sni -i nextcloud.hhf.technology
use_backend BACKEND_NEXTCLOUD if ACL_NEXTCLOUD
##################################################################
acl ACL_TESTCLOUD req.ssl_sni -i testcloud.hhf.technology
use_backend BACKEND_TESTCLOUD if ACL_TESTCLOUD
##################################################################
default_backend BACKEND_NEXTCLOUD
##################################################################
backend BACKEND_NEXTCLOUD
mode tcp
fullconn 20000
balance leastconn
stick-table type ip size 100m expire 12h
stick on src
option httpchk GET /login
http-check expect rstatus [2-3][0-9][0-9]
server NC1 192.168.2.101:443 weight 1 inter 5s downinter 20s rise 4 fall 2 check check-ssl verify none on-marked-down shutdown-sessions maxconn 10000 send-proxy-v2
server NC2 192.168.2.102:443 weight 1 inter 5s downinter 20s rise 4 fall 2 check check-ssl verify none on-marked-down shutdown-sessions maxconn 10000 send-proxy-v2
backend BACKEND_TESTCLOUD
mode tcp
fullconn 400
balance leastconn
stick-table type ip size 100m expire 2h
stick on src
option httpchk GET /login
http-check expect rstatus [2-3][0-9][0-9]
server NC1 192.168.2.101:8443 weight 1 inter 5s downinter 20s rise 4 fall 2 check check-ssl verify none on-marked-down shutdown-sessions maxconn 200 send-proxy-v2
server NC2 192.168.2.102:8443 weight 1 inter 5s downinter 20s rise 4 fall 2 check check-ssl verify none on-marked-down shutdown-sessions maxconn 200 send-proxy-v2
Reference in a new issue View git blame Copy permalink