better logging
This commit is contained in:
parent
e392e201f4
commit
70416407f5
|
|
@ -31,6 +31,18 @@ haproxy:
|
|||
extra_param: backup
|
||||
- server: 192.168.20.24
|
||||
extra_param: backup
|
||||
- frontend:
|
||||
- hass.badjware.dev
|
||||
backend:
|
||||
- server: 192.168.20.20
|
||||
- server: 192.168.20.21
|
||||
extra_param: backup
|
||||
- server: 192.168.20.22
|
||||
extra_param: backup
|
||||
- server: 192.168.20.23
|
||||
extra_param: backup
|
||||
- server: 192.168.20.24
|
||||
extra_param: backup
|
||||
- frontend:
|
||||
- s3.badjware.dev
|
||||
backend:
|
||||
|
|
|
|||
|
|
@ -7,10 +7,13 @@ global
|
|||
tune.ssl.default-dh-param 2048
|
||||
|
||||
defaults
|
||||
log global
|
||||
log /dev/log local0 notice
|
||||
|
||||
timeout connect 5s
|
||||
timeout client 120s
|
||||
timeout server 120s
|
||||
log global
|
||||
timeout tunnel 1h
|
||||
|
||||
default-server init-addr last,none resolvers dns
|
||||
|
||||
|
|
@ -35,24 +38,29 @@ frontend http_management
|
|||
acl prefixed-with-metrics path_beg -i /metrics
|
||||
use_backend haproxy_metrics if prefixed-with-metrics
|
||||
|
||||
frontend http_in
|
||||
bind *:80
|
||||
mode http
|
||||
|
||||
# force https
|
||||
redirect scheme https
|
||||
|
||||
# https frontend
|
||||
frontend https_in
|
||||
bind *:80
|
||||
# backend is assumed to be http, perform ssl termination here
|
||||
bind *:443 ssl crt /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem alpn h2,http/1.1
|
||||
|
||||
mode http
|
||||
option forwardfor
|
||||
|
||||
# force https
|
||||
http-request redirect scheme https unless { ssl_fc }
|
||||
option httplog
|
||||
|
||||
# set HSTS
|
||||
http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;"
|
||||
|
||||
# set X-Forward-For
|
||||
option forwardfor
|
||||
|
||||
# set X-Forwarded-Proto
|
||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||
http-request set-header X-Forwarded-Proto https
|
||||
|
||||
# request is ssl
|
||||
# tcp-request inspect-delay 5s
|
||||
|
|
@ -84,7 +92,7 @@ backend https_{{ http_route.frontend[0]|replace('.','_') }}
|
|||
mode http
|
||||
balance roundrobin
|
||||
{% for dst in http_route.backend %}
|
||||
server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2{% endif %} {{ dst.extra_param|default('') }}
|
||||
server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2,http/1.1{% endif %} {{ dst.extra_param|default('') }}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue