SSL때문에 줄곧 haproxy-1.5-dev18.tar.gz을 사용하고 있었는데.. 

언제부터인가 1.5는 안정화 버전이 되었고. 1.6이 개발버전이 되어있군요.

도메인도 http://www.haproxy.org/ 로 변경되었고..


 

http://www.haproxy.org/download/1.5/src/haproxy-1.5.8.tar.gz

이걸로 갈아탑니다. ㅎㅎ


건승하는 사이트가 되길 바라며.. HAProxy 화이팅~!


 

참고용


global

  log 127.0.0.1 local0

  chroot /usr/local/haproxy

  maxconn 4096

  daemon

  uid 99

  gid 99


defaults

  log     global

  mode    http

  # Add x-forward-for header.

  option forwardfor

  option http-server-close

  option  httplog

  option  dontlognull

  option redispatch

  option  contstats

  retries 3

  backlog 10000

  # Timeout.

  timeout client 25s

  timeout connect 5s

  timeout server 25s

  # Long timeout for WebSocket connections.

  timeout tunnel 3600s

  timeout http-keep-alive  65s

  timeout http-request 15s

  timeout queue 30s

  timeout tarpit 60s


frontend public

  # HTTP  

  bind :80

  # Redirect all HTTP traffic to HTTPS

  #redirect scheme https if !{ ssl_fc }


  # HTTPS

  # Example with CA certificate bundle

  #bind :443 ssl crt /usr/local/openssl/CA/server.pem ca-file /usr/local/openssl/CA/certs/ca.crt verify required

  # Example without CA certification bunch

  #bind :443 ssl crt /usr/local/openssl/CA/server.pem


  # The node backends - websockets will be managed automatically, given the

  # right base paths to send them to the right Node.js backend.

  #

  # If you wanted to specifically send websocket traffic somewhere different

  # you'd use an ACL like { hdr(Upgrade) -i WebSocket }. Looking at path works

  # just as well, though - such as { path_beg /socket.io } or similar. Adjust your

  # rules to suite your specific setup.

  use_backend web if { path_beg /resources }

  use_backend service if { path_beg /service } 

  use_backend realtime if { path_beg /realtime }

  use_backend realtime if { path_beg /socket.io.realtime }

  use_backend file if { path_beg /file }

  # Everything else to node.

  default_backend web


backend realtime

  # Tell the backend that this is a secure connection,

  # even though it's getting plain HTTP.

  #reqadd X-Forwarded-Proto:\ https

 

  balance roundrobin

  # For Sticky Session

  appsession JSESSIONID len 30 timeout 3h request-learn prefix  

  # Check by hitting a page intended for this use.

  option httpchk GET realtime/isrunning

  timeout check 500ms

  # Wait 500ms between checks.

  server realtime1 172.31.0.11:8085 cookie realtime1


backend file

  # Tell the backend that this is a secure connection,

  # even though it's getting plain HTTP.

  #reqadd X-Forwarded-Proto:\ https

 

  balance roundrobin

  # For Sticky Session

  appsession JSESSIONID len 30 timeout 3h request-learn prefix

  # Check by hitting a page intended for this use.

  option httpchk GET file/isrunning

  timeout check 500ms

  # Wait 500ms between checks.

  server file1 172.31.0.11:8086 cookie file1 

 

backend service

  # Tell the backend that this is a secure connection,

  # even though it's getting plain HTTP.

  #reqadd X-Forwarded-Proto:\ https 

  

  balance roundrobin

  # For Sticky Session

  appsession JSESSIONID len 30 timeout 3h request-learn prefix

  # Check by hitting a page intended for this use.

  option httpchk GET /service/isrunning

  timeout check 500ms

  # Wait 500ms between checks.

  server service1 172.31.0.11:8080 cookie service1


backend web

  # Tell the backend that this is a secure connection,

  # even though it's getting plain HTTP.

  #reqadd X-Forwarded-Proto:\ https

 

  balance roundrobin 

  # Check by hitting a page intended for this use.

  option httpchk GET /web/isrunning

  timeout check 500ms

  # Wait 500ms between checks.

  #server web1 172.31.0.11:80 cookie web1

  # for varnish

  server web1 172.31.0.11:6081 cookie web1


# For displaying HAProxy statistics.

frontend stats

  # HTTPS only.

  # Example with CA certificate bundle

  bind :1936 ssl crt /usr/local/openssl/CA/server.pem ca-file /usr/local/openssl/CA/certs/ca.crt verify required

  # Example without CA certification bunch

  #bind :1936 ssl crt /usr/local/openssl/CA/server.pem

  default_backend stats

 

backend stats

  stats enable

  stats hide-version

  stats realm Haproxy\ Statistics

  stats uri /

  stats auth test:test



+ Recent posts