65 lines
1.7 KiB
INI
65 lines
1.7 KiB
INI
global
|
|
log /dev/log local0
|
|
log /dev/log local1 notice
|
|
chroot /var/lib/haproxy
|
|
stats timeout 30s
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
ssl-dh-param-file /etc/haproxy/dhparam4096.pem
|
|
|
|
defaults
|
|
log global
|
|
# mode tcp
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
timeout connect 5000
|
|
timeout client 50000
|
|
timeout server 50000
|
|
option http-server-close
|
|
|
|
#### Main fron end ####
|
|
frontend main_front
|
|
bind *:80
|
|
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
|
|
# http-request redirect scheme https unless { ssl_fc }
|
|
redirect scheme https code 301 if !{ ssl_fc }
|
|
|
|
#### Stats Page ####
|
|
stats uri /haproxy?stats
|
|
stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA
|
|
|
|
#### Set correct IP ####
|
|
acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
|
|
acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
|
|
# http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
|
|
http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
|
|
|
|
#### WP admin to single server ####
|
|
acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
|
|
use_backend adminServerHTTP if url_is_wp_admin
|
|
|
|
#### LE cert ####
|
|
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
|
use_backend letsencrypt-backend if letsencrypt-acl
|
|
|
|
#### Configure Backends ####
|
|
default_backend webserversHTTP
|
|
|
|
#### Main Backend ####
|
|
backend webserversHTTP
|
|
balance roundrobin
|
|
server web01 10.108.0.2:80 check
|
|
# server web02 10.108.0.5:80 check
|
|
|
|
#### Admin server ####
|
|
backend adminServerHTTP
|
|
balance roundrobin
|
|
server web01 10.108.0.2:80 check
|
|
# server web02 10.108.0.5:80 check
|
|
|
|
#### LE Backend ####
|
|
backend letsencrypt-backend
|
|
server letsencrypt 127.0.0.1:8080
|