89 lines
2.1 KiB
INI
89 lines
2.1 KiB
INI
#HA Proxy Config
|
|
global
|
|
ulimit-n 500000
|
|
maxconn 99999
|
|
maxpipes 99999
|
|
tune.maxaccept 500
|
|
|
|
log 127.0.0.1 local0
|
|
log 127.0.0.1 local1 notice
|
|
|
|
ca-base /etc/ssl/certs
|
|
crt-base /etc/ssl/private
|
|
|
|
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
|
|
ssl-default-bind-options no-sslv3
|
|
|
|
defaults
|
|
|
|
log global
|
|
|
|
mode http
|
|
|
|
timeout connect 5000ms
|
|
timeout client 50000ms
|
|
timeout server 50000ms
|
|
|
|
listen stats
|
|
bind *:9999
|
|
stats enable
|
|
stats hide-version
|
|
stats uri /stats
|
|
stats auth admin:admin@123
|
|
|
|
listen mqtt-in
|
|
bind *:${MQTT_PORT}
|
|
mode tcp
|
|
option clitcpka # For TCP keep-alive
|
|
timeout client 3h
|
|
timeout server 3h
|
|
option tcplog
|
|
balance leastconn
|
|
server tbMqtt1 tb-mqtt-transport1:1883 check
|
|
server tbMqtt2 tb-mqtt-transport2:1883 check
|
|
|
|
frontend http-in
|
|
bind *:${HTTP_PORT}
|
|
|
|
option forwardfor
|
|
|
|
reqadd X-Forwarded-Proto:\ http
|
|
|
|
acl transport_http_acl path_beg /api/v1/
|
|
acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/
|
|
redirect scheme https if !letsencrypt_http_acl !transport_http_acl { env(FORCE_HTTPS_REDIRECT) -m str true }
|
|
use_backend letsencrypt_http if letsencrypt_http_acl
|
|
use_backend tb-http-backend if transport_http_acl
|
|
|
|
default_backend tb-web-backend
|
|
|
|
frontend https_in
|
|
bind *:${HTTPS_PORT} ssl crt /usr/local/etc/haproxy/default.pem crt /usr/local/etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
|
|
|
|
option forwardfor
|
|
|
|
reqadd X-Forwarded-Proto:\ https
|
|
|
|
acl transport_http_acl path_beg /api/v1/
|
|
use_backend tb-http-backend if transport_http_acl
|
|
|
|
default_backend tb-web-backend
|
|
|
|
backend letsencrypt_http
|
|
server letsencrypt_http_srv 127.0.0.1:8080
|
|
|
|
backend tb-web-backend
|
|
balance leastconn
|
|
option tcp-check
|
|
option log-health-checks
|
|
server tbWeb1 tb-web-ui1:8080 check
|
|
server tbWeb2 tb-web-ui2:8080 check
|
|
http-request set-header X-Forwarded-Port %[dst_port]
|
|
|
|
backend tb-http-backend
|
|
balance leastconn
|
|
option tcp-check
|
|
option log-health-checks
|
|
server tbHttp1 tb-http-transport1:8081 check
|
|
server tbHttp2 tb-http-transport2:8081 check
|