File: oci-poc-haproxy

openstack-cluster-installer 43.0.18
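#!/bin/sh
#
# oci-poc-haproxy: write the HAProxy configuration for the OCI proof-of-concept
# front-end and reload the service.
#
# Steps:
#   1. Resolve this host's address with `hostname -i` (used in every bind line).
#   2. Concatenate the snakeoil certificate and key into the PEM bundle HAProxy
#      loads for the :443 frontend.
#   3. Generate haproxy.cfg, check it with `haproxy -c`, then install it.
#   4. Reload haproxy through systemd.
#
# Must run as root: it writes under /etc/haproxy and reads /etc/ssl/private.

set -e
# Trace every command. Only paths are traced; the key material itself is
# moved with cat and never appears in the trace.
set -x

SSL_DIR=/etc/haproxy/ssl/private
PEM_BUNDLE=${SSL_DIR}/oci-poc.pem
HAPROXY_CFG=/etc/haproxy/haproxy.cfg

MY_IP=$(hostname -i)

# `hostname -i` can print several space-separated addresses. An empty value
# would turn "bind ${MY_IP}:443" into "bind :443" (listen on every address),
# and a multi-address value would produce an unparsable bind line, so refuse
# both before touching any file.
case "${MY_IP}" in
	'' | *' '*)
		echo "oci-poc-haproxy: expected exactly one address from 'hostname -i', got: '${MY_IP}'" >&2
		exit 1
		;;
esac

# The bundle contains the private key. Create the directory and the file under
# a restrictive umask so neither is ever readable by other local users. The old
# file is removed first because a redirection onto an existing file keeps
# whatever (possibly looser) mode it already had. The subshell keeps the umask
# change local to this step.
(
	umask 077
	mkdir -p "${SSL_DIR}"
	rm -f -- "${PEM_BUNDLE}"
	cat /etc/ssl/certs/ssl-cert-snakeoil.pem \
		/etc/ssl/private/ssl-cert-snakeoil.key >"${PEM_BUNDLE}"
)

# Build the new configuration next to the live one so the final mv is a rename
# on the same filesystem, and so a failed check leaves the last good
# haproxy.cfg in place.
TMP_CFG=$(mktemp "${HAPROXY_CFG}.XXXXXX")
trap 'rm -f -- "${TMP_CFG}"' EXIT

# NOTE(review), points in the generated configuration worth confirming before
# this leaves proof-of-concept use:
#   - The served certificate is the self-signed snakeoil pair.
#   - Both TLS backends use "ssl verify none": traffic to them is encrypted but
#     the backend certificate is not checked. Outside a PoC, prefer
#     "verify required" with a "ca-file".
#   - "acl url_horizon" is declared but never referenced; "use_backend
#     horizonbe" is unconditional, so every request on :443 is sent to
#     horizonbe. If path filtering was intended, the rule needs an
#     "if url_horizon" condition.
#   - The haproxystat (8088) and rbmonit (15671) frontends listen in plain HTTP
#     on ${MY_IP} with no access control at the proxy; rbmonit then speaks TLS
#     to its backend, so only the client-to-proxy leg is unencrypted.
#   - The first "stats socket" line sets no mode or level, unlike admin.sock;
#     confirm the resulting socket permissions are what is wanted.
cat >"${TMP_CFG}" <<EOF
global
  chroot  /var/lib/haproxy
  daemon
  group  haproxy
  log  /dev/log local0
  maxconn  40960
  nbthread  8
  pidfile  /var/run/haproxy.pid
  ssl-default-bind-ciphers  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  ssl-default-bind-options  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  ssl-default-server-ciphers  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  ssl-default-server-options  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  stats  socket /var/lib/haproxy/stats
  stats  socket /var/lib/haproxy/admin.sock mode 600 level admin
  stats  timeout 30s
  user  haproxy

defaults
  log  global
  maxconn  8000
  mode  http
  monitor-uri  /health
  option  httplog
  retries  3
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s

frontend ocipoc
  bind ${MY_IP}:443 ssl crt /etc/haproxy/ssl/private/oci-poc.pem crt /etc/haproxy/ssl/private/
  mode http
  option forwardfor except ${MY_IP}
  acl url_horizon path_beg -i /horizon
  use_backend horizonbe

backend horizonbe
  option forwardfor
  server cl1-api.infomaniak.ch 192.168.106.2:443 check check-ssl ssl verify none

frontend haproxystat
  bind ${MY_IP}:8088
  mode http
  use_backend haproxystatbe

backend haproxystatbe
  option forwardfor
  server cl1-controller-1 192.168.101.2:8088

frontend rbmonit
  bind ${MY_IP}:15671
  mode http
  use_backend rbmonitbe

backend rbmonitbe
  option forwardfor
  server cl1-controller-1 192.168.101.2:15671 check check-ssl ssl verify none
EOF

# Parse-check the candidate file; under set -e a non-zero status stops the
# script here and the EXIT trap discards the candidate.
haproxy -c -f "${TMP_CFG}"

# mktemp creates the file 0600; the configuration holds no secrets, so give it
# the usual world-readable mode before it replaces the live file.
chmod 644 "${TMP_CFG}"
mv -f -- "${TMP_CFG}" "${HAPROXY_CFG}"

systemctl reload haproxy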