Configuraciones de HAProxy

Único FrontEnd

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
maxconn 4096
user haproxy
group haproxy
daemon

defaults
log global
option dontlognull
timeout connect 60s
timeout client 60s
timeout server 60s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen stats
bind :9000
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /haproxy
stats auth admin:admin

# ---- HTTP/HTTPS FrontEnd ----

frontend wan-web-in
  bind *:80
  mode http
  option httplog
  option http-server-close
  option forwardfor
  http-request add-header X-Client-IP %[src]

  bind *:443
  mode tcp
  option tcplog
  option ssl-hello-chk
  acl tls req.ssl_hello_type 1
  tcp-request inspect-delay 5s
  tcp-request content accept if tls

  use_backend be-http-hacks4geeks        if { hdr_end(host) -i        hacks4geeks.com } or { hdr_end(host) -i www.hacks4geeks.com }
  use_backend be-http-audio-hacks4geeks  if { hdr_end(host) -i  audio.hacks4geeks.com }
  use_backend be-http-nube-hacks4geeks   if { hdr_end(host) -i   nube.hacks4geeks.com }
  use_backend be-http-video-hacks4geeks  if { hdr_end(host) -i  video.hacks4geeks.com }

  use_backend be-https-hacks4geeks       if { req_ssl_sni -i        hacks4geeks.com } or { req_ssl_sni -i www.hacks4geeks.com }
  use_backend be-https-audio-hacks4geeks if { req_ssl_sni -i  audio.hacks4geeks.com }
  use_backend be-https-nube-hacks4geeks  if { req_ssl_sni -i   nube.hacks4geeks.com }
  use_backend be-https-video-hacks4geeks if { req_ssl_sni -i  video.hacks4geeks.com }

# ---- HTTP BackEnds ----

backend be-http-hacks4geeks
  mode http
  server srv-http-hacks4geeks 192.168.1.10:80

backend be-http-audio-hacks4geeks
  mode http
  server srv-http-audio-hacks4geeks 192.168.1.10:80

backend be-http-nube-hacks4geeks
  mode http
  server srv-http-nube-hacks4geeks 192.168.1.10:80

backend be-http-video-hacks4geeks
  mode http
  server srv-http-video-hacks4geeks 192.168.1.10:80

# ---- HTTPS BackEnds ----

backend be-https-hacks4geeks
  mode tcp
  server srv-https-hacks4geeks 192.168.1.10:443

backend be-https-audio-hacks4geeks
  mode tcp
  server srv-https-audio-hacks4geeks 192.168.1.10:443

backend be-https-nube-hacks4geeks
  mode tcp
  server srv-https-nube-hacks4geeks 192.168.1.10:443

backend be-https-video-hacks4geeks
  mode tcp
  server srv-https-video-hacks4geeks 192.168.1.10:443

Dos FrontEnds

global
  log /dev/log    local0
  log /dev/log    local1 notice
  chroot /var/lib/haproxy
  stats socket /run/haproxy/admin.sock mode 660 level admin
  stats timeout 30s
  maxconn 4096
  user haproxy
  group haproxy
  daemon

defaults
  log     global
  option  dontlognull
  timeout connect 60s
  timeout client  60s
  timeout server  60s
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
  errorfile 503 /etc/haproxy/errors/503.http
  errorfile 504 /etc/haproxy/errors/504.http

listen stats
  bind :9000
  mode http
  stats enable
  stats hide-version
  stats realm Haproxy\ Statistics
  stats uri /haproxy
  stats auth admin:admin

# ---- HTTP FrontEnd ----

frontend wan-http-in
  bind *:80
  mode http
  option http-server-close
  option httplog
  option forwardfor
  http-request add-header X-Client-IP %[src]
  http-request add-header HTTP_X_FORWARDED_FOR %[src]

  use_backend be-http-hacks4geeks       if { hdr_end(host) -i       hacks4geeks.com } or { hdr_end(host) -i www.hacks4geeks.com }
  use_backend be-http-audio-hacks4geeks if { hdr_end(host) -i audio.hacks4geeks.com }
  use_backend be-http-nube-hacks4geeks  if { hdr_end(host) -i  nube.hacks4geeks.com }
  use_backend be-http-video-hacks4geeks if { hdr_end(host) -i video.hacks4geeks.com }

# ---- HTTPS FrontEnd ----

frontend wan-https-in
  bind *:443
  mode tcp
  option tcplog
  option ssl-hello-chk
    acl tls req.ssl_hello_type 1
    tcp-request inspect-delay 5s
    tcp-request content accept if tls

  use_backend be-https-hacks4geeks       if { req_ssl_sni -i       hacks4geeks.com } or { req_ssl_sni -i www.hacks4geeks.com }
  use_backend be-https-audio-hacks4geeks if { req_ssl_sni -i audio.hacks4geeks.com }
  use_backend be-https-nube-hacks4geeks  if { req_ssl_sni -i  nube.hacks4geeks.com }
  use_backend be-https-video-hacks4geeks if { req_ssl_sni -i video.hacks4geeks.com }

# ---- HTTP BackEnds ----

backend be-http-hacks4geeks
  mode http
  server srv-http-hacks4geeks 192.168.1.10:80

backend be-http-audio-hacks4geeks
  mode http
  server srv-http-audio-hacks4geeks 192.168.1.10:80

backend be-http-nube-hacks4geeks
  mode http
  server srv-http-nube-hacks4geeks 192.168.1.10:80

backend be-http-video-hacks4geeks
  mode http
  server srv-http-video-hacks4geeks 192.168.1.10:80

# ---- HTTPS BackEnds ----

backend be-https-hacks4geeks
  mode tcp
  server srv-https-hacks4geeks 192.168.1.10:443

backend be-https-audio-hacks4geeks
  mode tcp
  server srv-https-audio-hacks4geeks 192.168.1.10:443

backend be-https-nube-hacks4geeks
  mode tcp
  server srv-https-nube-hacks4geeks 192.168.1.10:443

backend be-https-video-hacks4geeks
  mode tcp
  server srv-https-video-hacks4geeks 192.168.1.10:443

@NiPeGun

Técnico superior ASIR. Tecnópata auto-diagnosticado. Podcaster. Librepensador sincericida. Comunicador ácido no apto para «flower powers».
Me gusta desmontar todo y volverlo a montar.

Deja una respuesta Cancelar la respuesta

Lo siento, debes estar conectado para publicar un comentario.