haproxy-test/haproxy.cfg.ssl

51 lines
1.3 KiB
Plaintext
Raw Normal View History

2020-10-24 22:22:29 -04:00
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
# mode tcp
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
option http-server-close
#### Main fron end ####
frontend https_front
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
#### Stats Page ####
stats uri /haproxy?stats
stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA
#### Set correct IP ####
acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
# http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
#### WP admin to single server ####
acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
use_backend adminServerHTTPS if url_is_wp_admin
#### Configure Backends ####
default_backend webserversHTTPS
#### Main Backend ####
backend webserversHTTPS
balance roundrobin
server web01.nicks.website 10.1.96.4:443 check ssl verify none
#### Admin server ####
backend adminServerHTTPS
balance roundrobin
server web01.nicks.website 10.1.96.4:443 check ssl verify none