#HA Proxy Config
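# Process-wide settings: resource ceilings, syslog targets and TLS defaults
# that apply to every `bind ... ssl` line without its own overrides.
global
    # Descriptor, connection and pipe ceilings for the HAProxy process, plus
    # the number of connections accepted per listener wake-up.
    ulimit-n 500000
    maxconn 99999
    maxpipes 99999
    tune.maxaccept 500

    # Syslog at 127.0.0.1: everything to facility local0, and messages of
    # level notice and above to local1 as well.
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice

    # Base directories used to resolve relative CA and certificate paths.
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default cipher list. The 3DES entries were dropped: 3DES is a 64-bit
    # block cipher (Sweet32) and nothing in this file needs it.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    # Refuse SSLv3 and the deprecated TLS 1.0 / 1.1; only TLS 1.2+ is offered.
    # NOTE(review): clients limited to TLS 1.0/1.1 can no longer connect;
    # confirm none remain before rollout.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11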
# Settings inherited by every proxy section below unless it overrides them.
defaults
    mode http
    log global

    # Connect / client-idle / server-idle limits.
    # NOTE(review): no `timeout http-request` is set, so only `timeout client`
    # applies between chunks of an incoming request; a dedicated, shorter
    # `timeout http-request` would cap how long a client may take to send its
    # request headers.
    timeout connect 5s
    timeout client 50s
    timeout server 50s
    timeout tunnel 1h # applies to WebSocket and CONNECT tunnels

    # Do not resolve server addresses at startup; servers stay down until the
    # runtime resolver supplies an address.
    default-server init-addr none
# Resolve backend host names through Docker's DNS at runtime, so the proxy
# does not fail to start when a service is still down.
resolvers docker_resolver
    nameserver dns 127.0.0.11:53
# Built-in statistics page, served at /stats on port 9999 of every interface.
listen stats
    bind *:9999
    stats enable
    stats uri /stats
    stats hide-version
    # NOTE(review): the credential below is a literal in the config and is
    # weak, and the listener is bound to all interfaces. Supply the credential
    # from deployment secrets instead of source control, and limit who can
    # reach port 9999 (bind address, published ports, or a source-address ACL).
    stats auth admin:admin@123
# MQTT entry point: raw TCP pass-through, balanced across the two MQTT
# transport containers.
# NOTE(review): the bind line has no `ssl`, so this listener does not
# terminate TLS; whether MQTT traffic is encrypted depends on what sits in
# front of or behind it. Confirm against the deployment.
listen mqtt-in
    bind *:${MQTT_PORT}
    mode tcp
    option tcplog
    option clitcpka # TCP keep-alive towards clients

    # Long idle limits, overriding the 50 s values from `defaults`.
    timeout client 3h
    timeout server 3h

    balance leastconn
    # Health-checked every 5 s; names are resolved via docker_resolver, IPv4 preferred.
    server tbMqtt1 tb-mqtt-transport1:1883 check inter 5s resolvers docker_resolver resolve-prefer ipv4
    server tbMqtt2 tb-mqtt-transport2:1883 check inter 5s resolvers docker_resolver resolve-prefer ipv4
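# Plain-HTTP entry point. Routes ACME challenges, the /api/v1/ HTTP transport,
# static UI assets and everything else (REST API) to their backends, and
# optionally redirects to HTTPS.
frontend http-in
    bind *:${HTTP_PORT}

    # Appends the connecting address as X-Forwarded-For.
    # NOTE(review): an X-Forwarded-For value sent by the client is not removed
    # here; backends should trust only the last entry, or the header should be
    # deleted first if no trusted proxy sits in front of this one.
    option forwardfor

    # set-header replaces any X-Forwarded-Proto the client sent. The previous
    # `reqadd` only appended a second header, leaving a client-chosen value in
    # place for the backend to read.
    http-request set-header X-Forwarded-Proto http

    # Both acl_static lines define the same ACL; it matches if either does.
    acl acl_static path_beg /static/ /index.html
    acl acl_static path /
    acl acl_static_rulenode path_beg /static/rulenode/

    acl transport_http_acl path_beg /api/v1/
    acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/

    # Redirect to HTTPS only when FORCE_HTTPS_REDIRECT is the string "true".
    # ACME challenges and /api/v1/ are exempt.
    # NOTE(review): requests under /api/v1/ are therefore never upgraded and
    # stay in cleartext on this port; confirm that is intended.
    redirect scheme https if !letsencrypt_http_acl !transport_http_acl { env(FORCE_HTTPS_REDIRECT) -m str true }

    use_backend letsencrypt_http if letsencrypt_http_acl
    use_backend tb-http-backend if transport_http_acl
    # Static assets go to the web UI, except /static/rulenode/, which falls
    # through to the default backend.
    use_backend tb-web-backend if acl_static !acl_static_rulenode

    default_backend tb-api-backend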
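# TLS entry point. Terminates TLS with default.pem plus every certificate in
# certs.d, then routes exactly like the HTTP frontend (minus ACME and the
# HTTPS redirect).
frontend https_in
    # The previous per-bind cipher list preferred RC4 and excluded AES-GCM and
    # DHE. RC4 is prohibited for TLS (RFC 7465), so the list is now AEAD-only
    # with forward secrecy, and protocol versions below TLS 1.2 are refused.
    # NOTE(review): clients that cannot negotiate TLS 1.2 with one of these
    # suites will fail the handshake; confirm the client population first.
    bind *:${HTTPS_PORT} ssl crt /usr/local/etc/haproxy/default.pem crt /usr/local/etc/haproxy/certs.d no-sslv3 no-tlsv10 no-tlsv11 ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

    # Appends the connecting address as X-Forwarded-For.
    # NOTE(review): an X-Forwarded-For value sent by the client is not removed
    # here; backends should trust only the last entry.
    option forwardfor

    # set-header replaces any X-Forwarded-Proto the client sent. The previous
    # `reqadd` only appended, so a client could present its own value
    # alongside the proxy's.
    http-request set-header X-Forwarded-Proto https

    acl transport_http_acl path_beg /api/v1/

    # Both acl_static lines define the same ACL; it matches if either does.
    acl acl_static path_beg /static/ /index.html
    acl acl_static path /
    acl acl_static_rulenode path_beg /static/rulenode/

    use_backend tb-http-backend if transport_http_acl
    # Static assets go to the web UI, except /static/rulenode/, which falls
    # through to the default backend.
    use_backend tb-web-backend if acl_static !acl_static_rulenode

    default_backend tb-api-backend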
# Target for ACME HTTP-01 challenge requests: a responder on the loopback
# interface, port 8080. No health check is configured for it.
backend letsencrypt_http
    server letsencrypt_http_srv 127.0.0.1:8080
# Web UI containers serving static assets.
backend tb-web-backend
    # Tell the UI which listener port the request arrived on; set-header
    # overwrites any value the client supplied.
    http-request set-header X-Forwarded-Port %[dst_port]

    balance leastconn
    # Health checks are TCP-level only (port accepts a connection) and every
    # state change is logged.
    option tcp-check
    option log-health-checks

    # Checked every 5 s; names are resolved via docker_resolver, IPv4 preferred.
    server tbWeb1 tb-web-ui1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
    server tbWeb2 tb-web-ui2:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
# HTTP transport containers; receives everything under /api/v1/.
backend tb-http-backend
    balance leastconn
    # Health checks are TCP-level only (port accepts a connection) and every
    # state change is logged.
    option tcp-check
    option log-health-checks

    # Checked every 5 s; names are resolved via docker_resolver, IPv4 preferred.
    server tbHttp1 tb-http-transport1:8081 check inter 5s resolvers docker_resolver resolve-prefer ipv4
    server tbHttp2 tb-http-transport2:8081 check inter 5s resolvers docker_resolver resolve-prefer ipv4
# Default backend: core application nodes handling every request that no
# other rule claimed.
backend tb-api-backend
    balance leastconn
    # Health checks are TCP-level only (port accepts a connection) and every
    # state change is logged.
    option tcp-check
    option log-health-checks

    # Checked every 5 s; names are resolved via docker_resolver, IPv4 preferred.
    server tbApi1 tb1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
    server tbApi2 tb2:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4