# Process-wide settings: logging, privilege drop, admin socket and TLS defaults.
global
# Send logs to the syslog listener on 127.0.0.1 using facility local4.
log 127.0.0.1 local4
# Confine the process to this directory after startup, then drop to the
# unprivileged haproxy user/group below.
chroot /var/lib/haproxy
# Runtime API socket. "level admin" lets any process that can write to the
# socket change runtime state, so the 660 mode is the only access control here.
# NOTE(review): no user/group is set on this line; confirm who owns the socket
# and keep that group's membership small.
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Base directories for relative CA and certificate paths. The frontend below
# uses an absolute crt path, so crt-base does not apply to it.
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Size of the Diffie-Hellman parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048
# Disable stateless TLS session tickets on every bind line.
ssl-default-bind-options no-tls-tickets
# Default cipher list for bind lines. It still contains CBC-mode suites with
# SHA-1 MACs and DHE-DSS entries alongside the AEAD (GCM) suites.
# NOTE(review): this looks like an older compatibility-oriented list; review it
# against current guidance and the clients that actually connect. It governs
# TLS 1.2 and earlier only; TLS 1.3 suites are configured separately.
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# Settings inherited by the frontend and every backend below.
defaults
log global
mode http
option httplog
# Connections that close without sending any data are not logged. This keeps
# probe noise out of the logs but also hides bare port scans.
# NOTE(review): confirm that trade-off is intended for an Internet-facing bind.
option dontlognull
# Timeouts without a unit are in milliseconds: 5 s to connect, 50 s idle on
# either side.
# NOTE(review): no "timeout http-request" is set, so a client that sends its
# request headers slowly is only bounded by the 50 s client timeout. Consider
# adding a short http-request timeout to limit slow-header connections.
timeout connect 5000
timeout client 50000
timeout server 50000
# Static response files returned for these HAProxy-generated status codes.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
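# Public entry point: accepts HTTP on 80 and TLS on 443, then routes each
# request to a local backend by URL path prefix.
frontend http-in
# Plain HTTP listener. Every route below, including /token, /login and /auth,
# is also reachable here in cleartext because nothing redirects to HTTPS.
# NOTE(review): if no client depends on plain HTTP (check /debian consumers),
# add "redirect scheme https code 301 if !{ ssl_fc }" ahead of the routing rules.
bind *:80
# TLS listener. SSLv3 and TLS 1.0 are refused; the PEM file is expected to hold
# the certificate chain and private key, so keep it readable by root only.
# NOTE(review): TLS 1.1 is not excluded here; confirm whether it is still needed.
bind *:443 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/haproxy.pem
# HSTS, max-age of about six months. Written with http-response add-header,
# which is accepted by the same HAProxy versions that accept "bind ... ssl",
# because the older rspadd keyword is rejected by HAProxy 2.1 and later.
# Browsers only honour this header on responses received over HTTPS.
http-response add-header Strict-Transport-Security max-age=15768000
# path_beg is a plain string prefix match, so "/web" also matches any longer
# path that merely starts with those characters, not only "/web/...".
acl ickweb path_beg /web
acl blobs path_beg /blobs
acl token path_beg /token
acl login path_beg /login
acl auth path_beg /auth
acl clients path_beg /clients
acl users path_beg /users
acl applications path_beg /applications
acl notify path_beg /notify
acl debian path_beg /debian
# Catch-all used for the controller: matches only these five methods.
acl any method GET HEAD POST PUT DELETE
# use_backend rules are evaluated top to bottom and the first match wins, so
# the order of these lines is part of the routing logic.
use_backend apache if debian
use_backend ickweb if ickweb
use_backend notification_service if notify
use_backend artifact_store if blobs
# Authentication and identity-management paths all go to qvisqve.
use_backend qvisqve if token
use_backend qvisqve if login
use_backend qvisqve if auth
use_backend qvisqve if clients
use_backend qvisqve if users
use_backend qvisqve if applications
# Everything else with an allowed method goes to the controller. No
# default_backend is defined, so requests using any other method match no
# rule and are answered by HAProxy itself with a 503.
use_backend controller if any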
# Backends: one server each, all on the loopback interface and reached over
# plain HTTP (no "ssl" on the server lines), so TLS ends at this proxy.
# None of the server lines has "check", so HAProxy does no health checking.
# NOTE(review): because these services trust whatever arrives on 127.0.0.1,
# confirm that they listen on loopback only and are not exposed directly.
backend apache
server apache_1 127.0.0.1:8080
# The double-brace port placeholders below look like template variables that
# are filled in when this file is rendered; verify against the deployment
# tooling.
backend ickweb
server ickweb_1 127.0.0.1:{{ ickweb_port }}
backend controller
server controller_1 127.0.0.1:{{ controller_port }}
backend artifact_store
server artifact_store_1 127.0.0.1:{{ artifact_store_port }}
backend qvisqve
server qvisqve_1 127.0.0.1:{{ qvisqve_port }}
backend notification_service
server notify_1 127.0.0.1:{{ notify_port }}