참고용
global
log 127.0.0.1 local0
chroot /usr/local/haproxy
maxconn 4096
daemon
uid 99
gid 99
defaults
log global
mode http
# Add x-forward-for header.
option forwardfor
option http-server-close
option httplog
option dontlognull
option redispatch
option contstats
retries 3
backlog 10000
# Timeout.
timeout client 25s
timeout connect 5s
timeout server 25s
# Long timeout for WebSocket connections.
timeout tunnel 3600s
timeout http-keep-alive 65s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
frontend public
# HTTP
bind :80
# Redirect all HTTP traffic to HTTPS
#redirect scheme https if !{ ssl_fc }
# HTTPS
# Example with CA certificate bundle
#bind :443 ssl crt /usr/local/openssl/CA/server.pem ca-file /usr/local/openssl/CA/certs/ca.crt verify required
# Example without CA certification bunch
#bind :443 ssl crt /usr/local/openssl/CA/server.pem
# The node backends - websockets will be managed automatically, given the
# right base paths to send them to the right Node.js backend.
#
# If you wanted to specifically send websocket traffic somewhere different
# you'd use an ACL like { hdr(Upgrade) -i WebSocket }. Looking at path works
# just as well, though - such as { path_beg /socket.io } or similar. Adjust your
# rules to suite your specific setup.
use_backend web if { path_beg /resources }
use_backend service if { path_beg /service }
use_backend realtime if { path_beg /realtime }
use_backend realtime if { path_beg /socket.io.realtime }
use_backend file if { path_beg /file }
# Everything else to node.
default_backend web
backend realtime
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
#reqadd X-Forwarded-Proto:\ https
balance roundrobin
# For Sticky Session
appsession JSESSIONID len 30 timeout 3h request-learn prefix
# Check by hitting a page intended for this use.
option httpchk GET realtime/isrunning
timeout check 500ms
# Wait 500ms between checks.
server realtime1 172.31.0.11:8085 cookie realtime1
backend file
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
#reqadd X-Forwarded-Proto:\ https
balance roundrobin
# For Sticky Session
appsession JSESSIONID len 30 timeout 3h request-learn prefix
# Check by hitting a page intended for this use.
option httpchk GET file/isrunning
timeout check 500ms
# Wait 500ms between checks.
server file1 172.31.0.11:8086 cookie file1
backend service
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
#reqadd X-Forwarded-Proto:\ https
balance roundrobin
# For Sticky Session
appsession JSESSIONID len 30 timeout 3h request-learn prefix
# Check by hitting a page intended for this use.
option httpchk GET /service/isrunning
timeout check 500ms
# Wait 500ms between checks.
server service1 172.31.0.11:8080 cookie service1
backend web
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
#reqadd X-Forwarded-Proto:\ https
balance roundrobin
# Check by hitting a page intended for this use.
option httpchk GET /web/isrunning
timeout check 500ms
# Wait 500ms between checks.
#server web1 172.31.0.11:80 cookie web1
# for varnish
server web1 172.31.0.11:6081 cookie web1
# For displaying HAProxy statistics.
frontend stats
# HTTPS only.
# Example with CA certificate bundle
bind :1936 ssl crt /usr/local/openssl/CA/server.pem ca-file /usr/local/openssl/CA/certs/ca.crt verify required
# Example without CA certification bunch
#bind :1936 ssl crt /usr/local/openssl/CA/server.pem
default_backend stats
backend stats
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth test:test
