HAProxy config



  • This is the HAProxy config I use for https://www.axisandallies.org whic is both wordpress and NodeBB.
    Traffic to https://www.axisandallies.org/forums and https://www.axisandallies.org/uploads goes to NodeBB and the rest goes to Wordpress. I've changed a few things IPs, dirs, etc so this is not exactly like production but it gives you an idea.
    I use HaProxy for other sites as well, which is why I check the hostname to use the backend.

    global
        log /etc/haproxy/log    local0
        log /etc/haproxy/log    local1 notice
        chroot /var/lib/haproxy
        daemon
    
        # maxconn 2048
    
        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
    
        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    
    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option  forwardfor
        option  http-server-close
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
    
    frontend http-in
        bind *:80
        reqadd X-Forwarded-Proto:\ http
    
        # Redirect all http traffic
        redirect scheme https code 301 if !{ ssl_fc }
    
    frontend https-in
        bind *:443 ssl crt /etc/ssl/private/site.pem crt
        #reqadd X-Forwarded-Proto:\ https
        http-request set-header X-Forwarded-Proto https
        http-request set-header X-Forwarded-For %[src]
        http-request set-header X-Client-IP %[src]
        http-request set-header X-Real-IP %[src]
    
        # acl rules
        acl is-axisandallies-org hdr_end(host) -i axisandallies.org
        acl is-forums path_beg /forums
        acl is-www hdr_beg(host) -i www
        acl is-wrong-upload path_beg /uploads
    
        # redirect non www to www for axis and allies
        http-request redirect code 301 location https://www.%[hdr(host)]%[url] if is-axisandallies-org !is-www
    
        # redirect the uploads urls
        http-request redirect code 301 location https://%[hdr(host)]%[url,regsub(^/uploads,/forums/assets/uploads,)] if is-wrong-upload is-axisandallies-org
    
        # rewrite the uploads urls for axisandallies.org
        # http-request set-path %[path,regsub(^/uploads,/forums/assets/uploads,)] if is-wrong-upload is-axisandallies-org
    
        # axisandallies.org/forums
        use_backend nodebb if is-axisandallies-org is-forums
    
        # axisandallies.org
        use_backend axisandallies-org if is-axisandallies-org
        # use_backend maintenance if is-axisandallies-org
    
    backend axisandallies-org
        redirect scheme https if !{ ssl_fc }
        server axisandalliesorg1 10.20.30.41:80 check
    
    backend nodebb
        balance source
        hash-type consistent
        redirect scheme https if !{ ssl_fc }
        server nodebb1 10.20.30.40:4567 check
        server nodebb2 10.20.30.40:4568 check
    
    backend maintenance
        errorfile 503 /opt/haproxy/errors/maintenance.html
    


  • I'm posting this as a new topic to share with other who might try HAProxy in the manner that I have tried it and because I have or solved a number issues that may or may not be related to this config.


 

Suggested Topics

  • 2
  • 7
  • 14
  • 7
  • 4
| |