Add 'haproxy.cfg'

This commit is contained in:
Torma Kristóf 2021-04-27 00:26:18 +02:00
parent ecd6419f24
commit e4961079ff

65
haproxy.cfg Normal file
View File

@ -0,0 +1,65 @@
global
log /dev/log daemon
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-tls-tickets
ssl-default-bind-options ssl-min-ver TLSv1.2
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-tls-tickets
defaults
log global
mode http
option log-health-checks
option log-separate-errors
option dontlog-normal
option dontlognull
option httplog
option socket-stats
retries 3
option redispatch
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s
timeout tunnel 3600s
timeout http-keep-alive 1s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
default-server inter 3s rise 2 fall 3
listen stats
bind 0.0.0.0:9090
stats enable
stats uri /
stats refresh 5s
frontend http
bind 0.0.0.0:80
mode http
use_backend kube
backend kube
balance leastconn
mode http
http-request set-header Host "birb.k8s.kmlabz.com"
compression algo gzip
server cloud zelenka.tormakristof.eu:443 check ssl veryfy none
listen mqtt
bind *:1883
mode tcp
option clitcpka
timeout client 3h
timeout server 3h
option tcplog
balance leastconn
server worker1 zelenka.tormakristof.eu:8883 check ssl verify none