meta données pour cette page
  •  

Installer Haproxy

Installation de base : https://wiki.evolix.org/HowtoHaproxy Avec SSL : https://serversforhackers.com/c/using-ssl-certificates-with-haproxy

config de test :

Cliquez pour afficher ⇲

Cliquez pour masquer ⇱

haproxy.cfg
global
    log         /dev/log local5
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    user        haproxy
    group       haproxy
    daemon
 
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 660 level admin
    node haproxy
    stats timeout 30s
 
    ca-base /etc/ssl/certs/
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!RC4
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
 
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  forwardfor except 127.0.0.0/8 header X-Forwarded-For
    option                  redispatch
    option                  http-server-close
    option                  abortonclose
    retries                 3
    timeout http-request    10s
    timeout queue           60s
    timeout connect         4s
    timeout client          300s
    timeout server          300s
#    timeout http-keep-alive 10s
#    timeout check           10s
    maxconn                 3000
    default-server port 80 maxconn 150 on-error fail-check slowstart 60s inter 30s fastinter 5s downinter 10s weight 100
 
frontend front
    option forwardfor
    maxconn 800
    bind 0.0.0.0:80
    http-request add-header X-Proto https if { ssl_fc }
    redirect scheme https if !{ ssl_fc }
#    default_backend back
 
frontend front_ssl
    bind 0.0.0.0:443 ssl crt /etc/ssl/domaine.com.pem
    http-request set-header X-Forwarded-Proto: https
    default_backend back
 
backend back
    balance roundrobin
    server debian  192.168.0.23:80 check observe layer4 weight 100
    server debian3  192.168.0.24:80 check observe layer4 weight 100
 
listen stats
    bind 0.0.0.0:8080
    stats enable
    stats uri /haproxy
    stats show-legends
    stats show-node
    stats realm Auth\ required
    stats auth foo:bar
    stats admin if TRUE

Redirections

acl search hdr(host) www.domaine.com
http-request redirect code 301 location http://www.domaine.com/t/%[urlp(search)] if { path_dir /recherche } search