# # HAProxy PhoenixLB Configuration # global user haproxy group haproxy log /dev/log local0 log /dev/log local1 notice log-tag haproxy chroot /var/lib/haproxy daemon master-worker quiet stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s maxconn 32000 pidfile /var/run/haproxy.pid ca-base /etc/ssl/certs crt-base /etc/ssl/private ssl-default-bind-options no-sslv3 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES256-SHA:AES128-SHA ssl-dh-param-file /etc/haproxy/dhparam defaults timeout connect 5s timeout client 50s timeout server 50s timeout http-request 5s log global mode http balance roundrobin option httplog option dontlognull option redispatch retries 3 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http userlist controller user dataplaneapi insecure-password program api command /usr/local/bin/dataplaneapi --host 127.0.0.1 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /etc/haproxy/haproxy.cfg --reload-cmd "systemctl reload haproxy" --reload-delay 5 --userlist controller frontend _frontend_ex1 mode http bind 192.0.2.30:80 bind 192.0.2.30:443 ssl crt /etc/haproxy/sni-certs/default-cert.pem crt /etc/haproxy/sni-certs/ alpn h2,http/1.1 http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-For %[src] compression algo gzip compression type text/html text/plain text/xml application/json text/javascript application/javascript text/css application/xml application/x-javascript application/rss+xml application/xhtml+xml image/svg+xml monitor-uri /_healthcheck monitor-net 127.0.0.0/8 default_backend _backend_ex1 frontend _frontend_ex2 mode http bind 192.0.2.31:80 bind 192.0.2.31:443 ssl crt /etc/haproxy/sni-certs/default-cert.pem crt /etc/haproxy/sni-certs/ alpn h2,http/1.1 http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-For %[src] compression algo gzip compression type text/html text/plain text/xml application/json text/javascript application/javascript text/css application/xml application/x-javascript application/rss+xml application/xhtml+xml image/svg+xml monitor-uri /_healthcheck monitor-net 127.0.0.0/8 default_backend _backend_ex2 backend _backend_ex1 mode http option httplog balance leastconn option httpchk GET /_healthcheck HTTP/1.1\r\nHost:\ localhost http-check expect status 200 http-response set-header X-LB-Tracking "%f:%b:%s" http-request set-header X-LB-Tracking "%f:%b:%s" default-server fall 3 rise 10s check server SRV1 10.0.0.1:80 server SRV2 10.0.0.2:80 server outage 127.0.0.1:8000 backup backend _backend_ex2 mode http balance uri option httpchk GET /_healthcheck HTTP/1.1\r\nHost:\ localhost http-check expect status 200 http-check send-state http-response set-header X-LB-Tracking "%f:%b:%s" http-request set-header X-LB-Tracking "%f:%b:%s" default-server fall 3 rise 10s check server SRV1 10.0.0.1:80 server SRV2 10.0.0.2:80 server outage 127.0.0.1:8000 backup backend _backend_ex2 mode http balance hdr(Host) use_domain_only option httpchk GET /_healthcheck HTTP/1.1\r\nHost:\ localhost http-check expect status 200 http-check send-state http-response set-header X-LB-Tracking "%f:%b:%s" http-request set-header X-LB-Tracking "%f:%b:%s" default-server fall 3 rise 10s check server SRV1 10.0.0.3:80 server SRV2 10.0.0.4:80 server outage 127.0.0.1:8000 backup listen stats mode http bind 10.2.1.2:9000 stats uri /