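#---------------------------------------------------------------------
# HAProxy configuration: one plain-HTTP and one TLS-terminating
# frontend on 10.10.10.96, balancing round-robin across two nodes
# (apex01, oracledb23c01).
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # To have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    # Run unprivileged, daemonized, and chrooted to /var/lib/haproxy.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # Turn on the stats unix socket (runtime API).
    # NOTE(review): no 'mode' or 'level' is set on this socket, so access
    # is left to the defaults; consider restricting it explicitly, e.g.
    # appending "mode 600", once it is known which accounts read it.
    stats socket /var/lib/haproxy/stats

    # Utilize system-wide crypto-policies.
    # NOTE(review): the bind-side policy below is commented out, so the
    # TLS listener on 10.10.10.96:443 uses whatever cipher list this
    # HAProxy build defaults to instead of the system profile. Confirm
    # that this is intentional.
    #ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM
    # Custom Diffie-Hellman parameters for DHE key exchange.
    ssl-dh-param-file /etc/haproxy/dhparams.pem

#---------------------------------------------------------------------
# Common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          2m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# Main frontend which proxies to the backends (plain HTTP)
#---------------------------------------------------------------------
frontend http_balancer
    # NOTE(review): everything on this listener is unencrypted. If
    # plaintext access is not required, redirect it to the TLS frontend
    # ("http-request redirect scheme https").
    bind 10.10.10.96:80
    option http-server-close
    # 'option forwardfor' appends the client address as a new
    # X-Forwarded-For header and keeps any value the client sent, so
    # backends must trust only the last entry.
    option forwardfor
    # NOTE(review): X-Forwarded-Proto is not set on this frontend, so a
    # client-supplied value reaches the backends unchanged. If nothing
    # trusted in front of HAProxy sets it, consider:
    #http-request set-header X-Forwarded-Proto http

    # Enable the stats page.
    stats enable
    # Do not disclose the HAProxy version on the stats page.
    stats hide-version
    # Title text for the authentication popup. Spaces must be escaped,
    # otherwise only the first word ("GPI-") is used as the realm.
    stats realm GPI-\ HAProxy\ Statistics
    # Stats URI for each backend.
    stats uri /haproxy?stats_ssl
    # Authentication credentials.
    # NOTE(review): the password is stored in clear text in this file and
    # travels as HTTP Basic auth over the unencrypted port-80 listener.
    # Rotate it, keep this file readable only by root/haproxy, and prefer
    # serving the stats page from the TLS frontend. A 'userlist' with a
    # hashed 'password' entry, enforced through 'stats http-request auth',
    # avoids clear text in the configuration.
    stats auth haproxyuser:proxypwd

    # Static content: paths starting with /i or ending in a known
    # static-file extension.
    acl url_static path_beg -i /i
    acl url_static path_end -i .jpg .gif .png .css .js

    use_backend static if url_static
    default_backend tomcat_ords

#---------------------------------------------------------------------
# TLS-terminating frontend
#---------------------------------------------------------------------
frontend https_balancer_ssl
    bind 10.10.10.96:443 ssl crt /etc/ssl/private/haproxy.pem
    mode http
    # Overwrite (rather than append to) any client-supplied forwarding
    # headers so the backends only see values set by HAProxy.
    http-request set-header X-Forwarded-For %[src]
    # Replaces the former "reqadd X-Forwarded-Proto:\ https": 'reqadd' was
    # removed in HAProxy 2.1 and only added a header next to whatever the
    # client sent; set-header replaces the client's value.
    http-request set-header X-Forwarded-Proto https
    option http-server-close

    acl url_static path_beg -i /i
    acl url_static path_end -i .jpg .gif .png .css .js

    use_backend static if url_static
    default_backend tomcat_ords

#---------------------------------------------------------------------
# Round robin balancing between the various backends
#---------------------------------------------------------------------
backend static
    balance roundrobin
    # Cookie-based stickiness: HAProxy inserts SERVERID and strips it
    # again before the request reaches the server ('indirect').
    cookie SERVERID insert indirect nocache
    # NOTE(review): 'verify none' encrypts the hop to the backends but
    # does not authenticate them; any host answering on these addresses
    # is accepted. To authenticate the servers, replace it with
    # "verify required ca-file <PATH_TO_BACKEND_CA_BUNDLE>" (placeholder).
    server apex01        10.10.10.90:443  check ssl verify none cookie 1
    server oracledb23c01 10.10.10.112:443 check ssl verify none cookie 2

backend tomcat_ords
    mode http
    balance roundrobin
    # Only needed when HAProxy runs on the same host as the backend
    # and that host is hardened to localhost-only access!
    #
    #option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost
    cookie SERVERID insert indirect nocache
    # NOTE(review): traffic to these servers is plain HTTP on port 8080,
    # including requests that arrived over the TLS frontend.
    server apex01        10.10.10.90:8080  check cookie 1
    server oracledb23c01 10.10.10.112:8080 check cookie 2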