# Process-wide settings
global
    # Ship logs to the local syslog socket (facility local0, maximum level "notice").
    # /etc/rsyslog.d/haproxy.conf decides where they land; at the moment that is
    # /var/log/haproxy.log. Request logging also needs the "log global" and
    # "option httplog" lines in the defaults section.
    # NOTE(review): HAProxy normally emits per-request logs at level "info", so the
    # "notice" cap here probably filters them out. Confirm whether request logs
    # actually arrive before relying on them for incident review.
    log /dev/log local0 notice
    # Give up root as soon as startup is done and run as the haproxy account.
    user haproxy
    group haproxy
    # Single process, single thread: the box has limited hardware.
    # NOTE(review): nbproc was deprecated and then removed in HAProxy 2.5; check the
    # deployed version still accepts it.
    nbproc 1
    nbthread 1
    # Cap on concurrent connections (hardware limit again).
    maxconn 200
defaults
    # Optional logging: reuse the log target from the global section and emit
    # the HTTP log format.
    log global
    option httplog
    # Base inactivity / connect timeouts.
    timeout client 30s
    timeout connect 4s
    timeout server 30s
    # Tighter limits so slow or idle peers cannot hold on to the small connection
    # budget for long (limits the impact of slow-request style DoS).
    # Time allowed to send a complete request:
    timeout http-request 10s
    # Idle wait for the next request on a kept-alive connection:
    timeout http-keep-alive 2s
    # Longest a request may wait in the queue for a free server slot:
    timeout queue 5s
    # Inactivity limit once a connection has become a tunnel (e.g. after an upgrade):
    timeout tunnel 2m
    # Inactivity limits for half-closed connections on either side:
    timeout client-fin 1s
    timeout server-fin 1s
frontend stats
    mode http
    # Listens on every interface, without "ssl", so this page is plain HTTP.
    bind *:9999
    stats enable
    stats uri /stats
    stats refresh 1s
    # No "stats admin if ..." rule is present, so the page stays read-only.
    # NOTE(review): the HTTP Basic credential below sits in clear text in this file
    # and crosses the network unencrypted on this listener. Use a strong, unique
    # password, keep the config readable by root only, and consider binding to a
    # loopback/management address or adding TLS to the bind line.
    stats auth admin:pass
    # Source-address allow list: anything else is denied.
    # NOTE(review): LOCALHOST is given here as a pattern of "src", not as a reference
    # to the predefined ACL of that name; presumably it is resolved as a hostname at
    # startup. Writing the loopback address explicitly would remove the dependency on
    # name resolution. Confirm which clients are meant to be allowed.
    acl network_allowed src 192.168.1.46 LOCALHOST
    http-request deny if !network_allowed
frontend matrix
    mode http
    # TLS listener on 8448 on every interface.
    # NOTE(review): a "crt" PEM for HAProxy carries the private key together with
    # the certificate, and /etc/ssl/certs is conventionally world-readable. Check the
    # file is owned by root with mode 0600, or keep it in a private directory.
    bind *:8448 ssl crt /etc/ssl/certs/domain.dev.pem
    # Only paths starting with /_matrix are routed; there is no default_backend,
    # so every other request on this port is answered with an error by HAProxy.
    acl url_matrix path_beg /_matrix
    # NOTE(review): no backend named "matrix" is defined in the part of the file
    # visible here, and HAProxy refuses to start when a use_backend target does not
    # exist. Presumably the backend whose server is called "conduit" is meant;
    # confirm and align the names.
    use_backend matrix if url_matrix
frontend http
    mode http
    # Port 80 exists only to serve the letsencrypt backend and to redirect.
    bind *:80
    # Everything except ACME HTTP-01 challenge paths gets a permanent (301)
    # redirect to https, since only https is hosted.
    acl url_letsencrypt path_beg /.well-known/acme-challenge/
    http-request redirect scheme https code 301 unless url_letsencrypt
    # Only challenge requests get this far; hand them to certbot.
    use_backend letsencrypt
frontend https
    mode http
    # NOTE(review): the "crt" PEM includes the private key and lives under
    # /etc/ssl/certs, which is conventionally world-readable. Check ownership and
    # mode (root, 0600) or move it to a private directory.
    bind *:443 ssl crt /etc/ssl/certs/domain.dev.pem
    # "base" is the Host header followed by the request path. It is lower-cased and
    # prefix-matched (map_beg) against /etc/haproxy/hosts.map; the value found there
    # names the backend. No spaces are allowed inside the %[...] expression.
    # NOTE(review): the Host header is client-controlled and the match is by prefix,
    # so a key such as "example.com" (constructed example) also matches
    # "example.com.other.tld". Make the map keys specific enough that an unexpected
    # host cannot select a backend. Requests with no map hit have no default_backend
    # here and are answered with an error.
    # NOTE(review): no Strict-Transport-Security response header is set in the part
    # of the file visible here; consider adding one since the site is https-only.
    use_backend %[base,lower,map_beg(/etc/haproxy/hosts.map)]
# certbot's challenge listener; no health check needed
backend letsencrypt
    mode http
    # NOTE(review): this and the other backends listen on loopback ports below 1024,
    # which normally requires the service to start as root or hold
    # CAP_NET_BIND_SERVICE. Unprivileged ports would let them run with fewer rights.
    server certbot 127.0.0.1:42
# Web server on loopback. Health checking IS enabled here ("check"), despite
# what the earlier comment on this section said.
backend server_a
    mode http
    server webserver 127.0.0.1:43 check
# conduit on loopback, health-checked
backend server_b
    mode http
    server conduit 127.0.0.1:44 check
# microbin on loopback, health-checked
backend server_c
    mode http
    server microbin 127.0.0.1:45 check
# home_automation on loopback, health-checked
# NOTE(review): which hostnames reach this backend is decided by
# /etc/haproxy/hosts.map; confirm it is exposed only where intended.
backend server_d
    mode http
    server home_automation 127.0.0.1:46 check
# data_splitter on loopback, health-checked
backend server_e
    mode http
    server data_splitter 127.0.0.1:47 check
# data_server on loopback, health-checked
backend server_f
    mode http
    server data_server 127.0.0.1:48 check
# data_server_dev on loopback, health-checked
# NOTE(review): the name suggests a development instance; confirm it is meant to
# be reachable through the public https frontend.
backend server_g
    mode http
    server data_server_dev 127.0.0.1:49 check