HAProxy config

  • This is the HAProxy config I use for https://www.axisandallies.org which is both WordPress and NodeBB.
    Traffic to

    and https://www.axisandallies.org/uploads goes to NodeBB and the rest goes to WordPress. I've changed a few things (IPs, dirs, etc.), so this is not exactly like production, but it gives you an idea.
    I use HAProxy for other sites as well, which is why I check the hostname to use the backend.

    global
        log /etc/haproxy/log    local0
        log /etc/haproxy/log    local1 notice
        chroot /var/lib/haproxy
        daemon
    
        # maxconn 2048
    
        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
    
        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    
    defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option  forwardfor
        option  http-server-close
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
    
    frontend http-in
        bind *:80
        reqadd X-Forwarded-Proto:\ http
    
        # Redirect all http traffic
        redirect scheme https code 301 if !{ ssl_fc }
    
    frontend https-in
        # one "crt <file>" per certificate; HAProxy selects between them by SNI
        bind *:443 ssl crt /etc/ssl/private/site.pem
        #reqadd X-Forwarded-Proto:\ https
        http-request set-header X-Forwarded-Proto https
        http-request set-header X-Forwarded-For %[src]
        http-request set-header X-Client-IP %[src]
        http-request set-header X-Real-IP %[src]
    
        # acl rules
        acl is-axisandallies-org hdr_end(host) -i axisandallies.org
        acl is-forums path_beg /forums
        acl is-www hdr_beg(host) -i www
        acl is-wrong-upload path_beg /uploads
    
        # redirect non www to www for axis and allies
        http-request redirect code 301 location https://www.%[hdr(host)]%[url] if is-axisandallies-org !is-www
    
        # redirect the uploads urls
        http-request redirect code 301 location https://%[hdr(host)]%[url,regsub(^/uploads,/forums/assets/uploads,)] if is-wrong-upload is-axisandallies-org
    
        # rewrite the uploads urls for axisandallies.org
        # http-request set-path %[path,regsub(^/uploads,/forums/assets/uploads,)] if is-wrong-upload is-axisandallies-org
    
        # axisandallies.org/forums
        use_backend nodebb if is-axisandallies-org is-forums
    
        # axisandallies.org
        use_backend axisandallies-org if is-axisandallies-org
        # use_backend maintenance if is-axisandallies-org
    
    backend axisandallies-org
        redirect scheme https if !{ ssl_fc }
        server axisandalliesorg1 10.20.30.41:80 check
    
    backend nodebb
        balance source
        hash-type consistent
        redirect scheme https if !{ ssl_fc }
        server nodebb1 10.20.30.40:4567 check
        server nodebb2 10.20.30.40:4568 check
    
    backend maintenance
        errorfile 503 /opt/haproxy/errors/maintenance.html
    
  • I'm posting this as a new topic to share with others who might try HAProxy in the manner that I have tried it and because I have or have solved a number of issues that may or may not be related to this config.
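
The routing decisions made by the `https-in` frontend above can be checked offline with a small model of its ACLs and rule order. This is an added example, not part of the original post or of HAProxy itself; the `route` function, the `exact` switch (a stricter exact-host ACL, shown for comparison) and the sample requests are assumptions made for illustration.

```python
import re

SITE = "axisandallies.org"

def route(host, url, exact=False):
    """Return ("redirect", location) or ("backend", name) for one HTTPS request."""
    h = host.lower()                      # -i: host matches ignore case
    path = url.split("?", 1)[0]           # path_beg looks at the path only
    if exact:
        # Assumed stricter ACLs: hdr(host) -i axisandallies.org www.axisandallies.org
        is_site = h in (SITE, "www." + SITE)
        is_www = h == "www." + SITE
    else:
        is_site = h.endswith(SITE)        # hdr_end(host): plain suffix match
        is_www = h.startswith("www")      # hdr_beg(host): plain prefix match
    is_forums = path.startswith("/forums")   # path_beg: prefix, case-sensitive
    is_upload = path.startswith("/uploads")

    # http-request redirect rules are evaluated before any use_backend rule.
    if is_site and not is_www:
        return ("redirect", "https://www." + host + url)
    if is_upload and is_site:
        moved = re.sub(r"^/uploads", "/forums/assets/uploads", url, count=1)
        return ("redirect", "https://" + host + moved)
    if is_site and is_forums:
        return ("backend", "nodebb")
    if is_site:
        return ("backend", "axisandallies-org")
    return ("backend", None)              # no default_backend: HAProxy sends a 503

# Constructed sample requests (Host header, request URI).
SAMPLES = [
    ("www.axisandallies.org", "/forums/topic/1"),
    ("www.axisandallies.org", "/uploads/files/a.png?x=1"),
    ("axisandallies.org", "/about"),
    ("www.axisandallies.org", "/forumsarchive"),   # path_beg also matches this
    ("notaxisandallies.org", "/"),                 # hdr_end also matches this
]

if __name__ == "__main__":
    for host, url in SAMPLES:
        print(host, url, "->", route(host, url), "| exact:", route(host, url, exact=True))
```

The last two samples show where the prefix and suffix matches are broader than the intended site and path; matching the full host name and using `/forums/` as the path prefix closes both.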

