-
Configuraciones de HAProxy
Único FrontEnd
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s maxconn 4096 user haproxy group haproxy daemon defaults log global option dontlognull timeout connect 60s timeout client 60s timeout server 60s errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen stats bind :9000 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri /haproxy stats auth admin:admin # ---- HTTP/HTTPS FrontEnd ---- frontend wan-web-in bind *:80 mode http option httplog option http-server-close option forwardfor http-request add-header X-Client-IP %[src] bind *:443 mode tcp option tcplog option ssl-hello-chk acl tls req.ssl_hello_type 1 tcp-request inspect-delay 5s tcp-request content accept if tls use_backend be-http-hacks4geeks if { hdr_end(host) -i hacks4geeks.com } or { hdr_end(host) -i www.hacks4geeks.com } use_backend be-http-audio-hacks4geeks if { hdr_end(host) -i audio.hacks4geeks.com } use_backend be-http-nube-hacks4geeks if { hdr_end(host) -i nube.hacks4geeks.com } use_backend be-http-video-hacks4geeks if { hdr_end(host) -i video.hacks4geeks.com } use_backend be-https-hacks4geeks if { req_ssl_sni -i hacks4geeks.com } or { req_ssl_sni -i www.hacks4geeks.com } use_backend be-https-audio-hacks4geeks if { req_ssl_sni -i audio.hacks4geeks.com } use_backend be-https-nube-hacks4geeks if { req_ssl_sni -i nube.hacks4geeks.com } use_backend be-https-video-hacks4geeks if { req_ssl_sni -i video.hacks4geeks.com } # ---- HTTP BackEnds ---- backend be-http-hacks4geeks mode http server srv-http-hacks4geeks 192.168.1.10:80 backend be-http-audio-hacks4geeks mode http server srv-http-audio-hacks4geeks 192.168.1.10:80 backend be-http-nube-hacks4geeks mode http server srv-http-nube-hacks4geeks 192.168.1.10:80 backend be-http-video-hacks4geeks mode http server srv-http-video-hacks4geeks 192.168.1.10:80 # ---- HTTPS BackEnds ---- backend be-https-hacks4geeks mode tcp server srv-https-hacks4geeks 192.168.1.10:443 backend be-https-audio-hacks4geeks mode tcp server srv-https-audio-hacks4geeks 192.168.1.10:443 backend be-https-nube-hacks4geeks mode tcp server srv-https-nube-hacks4geeks 192.168.1.10:443 backend be-https-video-hacks4geeks mode tcp server srv-https-video-hacks4geeks 192.168.1.10:443
Dos FrontEnds
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s maxconn 4096 user haproxy group haproxy daemon defaults log global option dontlognull timeout connect 60s timeout client 60s timeout server 60s errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen stats bind :9000 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri /haproxy stats auth admin:admin # ---- HTTP FrontEnd ---- frontend wan-http-in bind *:80 mode http option http-server-close option httplog option forwardfor http-request add-header X-Client-IP %[src] http-request add-header HTTP_X_FORWARDED_FOR %[src] use_backend be-http-hacks4geeks if { hdr_end(host) -i hacks4geeks.com } or { hdr_end(host) -i www.hacks4geeks.com } use_backend be-http-audio-hacks4geeks if { hdr_end(host) -i audio.hacks4geeks.com } use_backend be-http-nube-hacks4geeks if { hdr_end(host) -i nube.hacks4geeks.com } use_backend be-http-video-hacks4geeks if { hdr_end(host) -i video.hacks4geeks.com } # ---- HTTPS FrontEnd ---- frontend wan-https-in bind *:443 mode tcp option tcplog option ssl-hello-chk acl tls req.ssl_hello_type 1 tcp-request inspect-delay 5s tcp-request content accept if tls use_backend be-https-hacks4geeks if { req_ssl_sni -i hacks4geeks.com } or { req_ssl_sni -i www.hacks4geeks.com } use_backend be-https-audio-hacks4geeks if { req_ssl_sni -i audio.hacks4geeks.com } use_backend be-https-nube-hacks4geeks if { req_ssl_sni -i nube.hacks4geeks.com } use_backend be-https-video-hacks4geeks if { req_ssl_sni -i video.hacks4geeks.com } # ---- HTTP BackEnds ---- backend be-http-hacks4geeks mode http server srv-http-hacks4geeks 192.168.1.10:80 backend be-http-audio-hacks4geeks mode http server srv-http-audio-hacks4geeks 192.168.1.10:80 backend be-http-nube-hacks4geeks mode http server srv-http-nube-hacks4geeks 192.168.1.10:80 backend be-http-video-hacks4geeks mode http server srv-http-video-hacks4geeks 192.168.1.10:80 # ---- HTTPS BackEnds ---- backend be-https-hacks4geeks mode tcp server srv-https-hacks4geeks 192.168.1.10:443 backend be-https-audio-hacks4geeks mode tcp server srv-https-audio-hacks4geeks 192.168.1.10:443 backend be-https-nube-hacks4geeks mode tcp server srv-https-nube-hacks4geeks 192.168.1.10:443 backend be-https-video-hacks4geeks mode tcp server srv-https-video-hacks4geeks 192.168.1.10:443
Técnico superior ASIR. Tecnópata auto-diagnosticado. Podcaster. Librepensador sincericida. Comunicador ácido no apto para «flower powers».
Me gusta desmontar todo y volverlo a montar.