diff --git a/sisr2/sisr/20-LB/haproxy.cfg b/sisr2/sisr/20-LB/haproxy.cfg new file mode 100644 index 0000000..ed6be33 --- /dev/null +++ b/sisr2/sisr/20-LB/haproxy.cfg @@ -0,0 +1,53 @@ +global + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin + stats timeout 30s + user haproxy + group haproxy + daemon + + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets + +defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http + +# Define front-end +frontend http-in + # listen on 80 port + bind *:80 + # set default backend + default_backend backend_servers + # send X-Forwarded-For header (permet d'afficher la bonne adresse dont la requĂȘte provient et pas l'adresse du haproxy) + option forwardfor + +# define backend +backend backend_servers + # balance with roundrobin + balance roundrobin + # option forward for + option forwardfor + # define backend servers + server node01 172.16.1.1:80 check + server node02 172.16.1.2:80 check