better logging
parent
e392e201f4
commit
70416407f5
|
@ -31,6 +31,18 @@ haproxy:
|
||||||
extra_param: backup
|
extra_param: backup
|
||||||
- server: 192.168.20.24
|
- server: 192.168.20.24
|
||||||
extra_param: backup
|
extra_param: backup
|
||||||
|
- frontend:
|
||||||
|
- hass.badjware.dev
|
||||||
|
backend:
|
||||||
|
- server: 192.168.20.20
|
||||||
|
- server: 192.168.20.21
|
||||||
|
extra_param: backup
|
||||||
|
- server: 192.168.20.22
|
||||||
|
extra_param: backup
|
||||||
|
- server: 192.168.20.23
|
||||||
|
extra_param: backup
|
||||||
|
- server: 192.168.20.24
|
||||||
|
extra_param: backup
|
||||||
- frontend:
|
- frontend:
|
||||||
- s3.badjware.dev
|
- s3.badjware.dev
|
||||||
backend:
|
backend:
|
||||||
|
|
|
@ -7,10 +7,13 @@ global
|
||||||
tune.ssl.default-dh-param 2048
|
tune.ssl.default-dh-param 2048
|
||||||
|
|
||||||
defaults
|
defaults
|
||||||
|
log global
|
||||||
|
log /dev/log local0 notice
|
||||||
|
|
||||||
timeout connect 5s
|
timeout connect 5s
|
||||||
timeout client 120s
|
timeout client 120s
|
||||||
timeout server 120s
|
timeout server 120s
|
||||||
log global
|
timeout tunnel 1h
|
||||||
|
|
||||||
default-server init-addr last,none resolvers dns
|
default-server init-addr last,none resolvers dns
|
||||||
|
|
||||||
|
@ -35,24 +38,29 @@ frontend http_management
|
||||||
acl prefixed-with-metrics path_beg -i /metrics
|
acl prefixed-with-metrics path_beg -i /metrics
|
||||||
use_backend haproxy_metrics if prefixed-with-metrics
|
use_backend haproxy_metrics if prefixed-with-metrics
|
||||||
|
|
||||||
|
frontend http_in
|
||||||
|
bind *:80
|
||||||
|
mode http
|
||||||
|
|
||||||
|
# force https
|
||||||
|
redirect scheme https
|
||||||
|
|
||||||
# https frontend
|
# https frontend
|
||||||
frontend https_in
|
frontend https_in
|
||||||
bind *:80
|
|
||||||
# backend is assumed to be http, perform ssl termination here
|
# backend is assumed to be http, perform ssl termination here
|
||||||
bind *:443 ssl crt /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem alpn h2,http/1.1
|
bind *:443 ssl crt /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem alpn h2,http/1.1
|
||||||
|
|
||||||
mode http
|
mode http
|
||||||
option forwardfor
|
option httplog
|
||||||
|
|
||||||
# force https
|
|
||||||
http-request redirect scheme https unless { ssl_fc }
|
|
||||||
|
|
||||||
# set HSTS
|
# set HSTS
|
||||||
http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;"
|
http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains;"
|
||||||
|
|
||||||
|
# set X-Forward-For
|
||||||
|
option forwardfor
|
||||||
|
|
||||||
# set X-Forwarded-Proto
|
# set X-Forwarded-Proto
|
||||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
http-request set-header X-Forwarded-Proto https
|
||||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
||||||
|
|
||||||
# request is ssl
|
# request is ssl
|
||||||
# tcp-request inspect-delay 5s
|
# tcp-request inspect-delay 5s
|
||||||
|
@ -84,7 +92,7 @@ backend https_{{ http_route.frontend[0]|replace('.','_') }}
|
||||||
mode http
|
mode http
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
{% for dst in http_route.backend %}
|
{% for dst in http_route.backend %}
|
||||||
server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2{% endif %} {{ dst.extra_param|default('') }}
|
server {{ dst.server }} {{ dst.server }}{% if ':' not in dst.server %}:443{% endif %} check {% if http_route.ssl|default(true) %}ssl verify none alpn h2,http/1.1{% endif %} {{ dst.extra_param|default('') }}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
|
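Review bot: The `server` line in the `backend https_…` template is edited here to widen ALPN but still carries `ssl verify none`, so HAProxy encrypts to the 192.168.20.x backends without authenticating them; any host able to answer on those addresses can terminate that traffic. Since the line is already being touched, consider `ssl verify required ca-file <CA_FILE_PLACEHOLDER> alpn h2,http/1.1` with a CA the backend certificates chain to, or a per-route flag that defaults to verification. Separately, `option forwardfor` in `https_in` adds the client address without removing an `X-Forwarded-For` header the client sent itself, so a `http-request del-header X-Forwarded-For` before it would stop backends and logs from picking up a spoofed value. The backend block begins above this hunk, so whether other directives there affect this is not visible.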