Add 'haproxy.cfg'

haproxy.cfg

@@ -0,0 +1,65 @@
+global
+  log /dev/log daemon
+  maxconn 32768
+  chroot /var/lib/haproxy
+  user haproxy
+  group haproxy
+  daemon
+  stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+  tune.bufsize 32768
+  tune.ssl.default-dh-param 2048
+  ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+  ssl-default-bind-options prefer-client-ciphers no-tls-tickets
+  ssl-default-bind-options ssl-min-ver TLSv1.2
+  ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+  ssl-default-server-options no-tls-tickets
+
+defaults
+  log     global
+  mode    http
+  option  log-health-checks
+  option  log-separate-errors
+  option  dontlog-normal
+  option  dontlognull
+  option  httplog
+  option  socket-stats
+  retries 3
+  option  redispatch
+  maxconn 10000
+  timeout connect     5s
+  timeout client     50s
+  timeout server    450s
+  timeout tunnel        3600s
+  timeout http-keep-alive  1s
+  timeout http-request    15s
+  timeout queue           30s
+  timeout tarpit          60s
+  default-server inter 3s rise 2 fall 3
+
+listen stats
+  bind 0.0.0.0:9090
+  stats enable
+  stats uri     /
+  stats refresh 5s
+
+frontend http
+  bind 0.0.0.0:80
+  mode http
+  use_backend kube
+
+backend kube
+  balance leastconn
+  mode http
+  http-request set-header Host "birb.k8s.kmlabz.com"
+  compression algo gzip
+  server cloud zelenka.tormakristof.eu:443 check ssl veryfy none
+
+listen mqtt
+  bind *:1883
+  mode tcp
+  option clitcpka
+  timeout client 3h
+  timeout server 3h
+  option tcplog
+  balance leastconn
+  server worker1 zelenka.tormakristof.eu:8883 check ssl verify none