94 lines
2.7 KiB
INI
94 lines
2.7 KiB
INI
global
|
|
# NOTE: on startup haproxy chroot's to /var/lib/haproxy.
|
|
#
|
|
# Unfortunately the program will open some files prior to the call to
|
|
# chroot never to reopen them, and some after. So looking at the on-disk
|
|
# layout of haproxy resources you will find some resources relative to /
|
|
# such as the admin socket, and some relative to /var/lib/haproxy such as
|
|
# the log socket.
|
|
#
|
|
# The logging socket is (re-)opened after the chroot and must be relative
|
|
# to /var/lib/haproxy.
|
|
log /dev/log local0
|
|
log /dev/log local1 notice
|
|
maxconn 20000
|
|
user haproxy
|
|
group haproxy
|
|
spread-checks 0
|
|
# The admin socket is opened prior to the chroot never to be reopened, so
|
|
# it lives outside the chroot directory in the filesystem.
|
|
stats socket /var/run/haproxy/admin.sock mode 600 level admin
|
|
stats timeout 2m
|
|
|
|
defaults
|
|
log global
|
|
mode tcp
|
|
option tcplog
|
|
option dontlognull
|
|
retries 3
|
|
{%- if haproxy_queue_timeout %}
|
|
timeout queue {{ haproxy_queue_timeout }}
|
|
{%- else %}
|
|
timeout queue 9000
|
|
{%- endif %}
|
|
{%- if haproxy_connect_timeout %}
|
|
timeout connect {{ haproxy_connect_timeout }}
|
|
{%- else %}
|
|
timeout connect 9000
|
|
{%- endif %}
|
|
{%- if haproxy_client_timeout %}
|
|
timeout client {{ haproxy_client_timeout }}
|
|
{%- else %}
|
|
timeout client 90000
|
|
{%- endif %}
|
|
{%- if haproxy_server_timeout %}
|
|
timeout server {{ haproxy_server_timeout }}
|
|
{%- else %}
|
|
timeout server 90000
|
|
{%- endif %}
|
|
|
|
listen stats
|
|
bind {{ local_host }}:{{ stat_port }}
|
|
mode http
|
|
stats enable
|
|
stats hide-version
|
|
stats realm Haproxy\ Statistics
|
|
stats uri /
|
|
stats auth admin:{{ stat_password }}
|
|
|
|
{% if frontends -%}
|
|
{% for service, ports in service_ports.items() -%}
|
|
frontend tcp-in_{{ service }}
|
|
bind *:{{ ports[0] }}
|
|
{% if ipv6_enabled -%}
|
|
bind :::{{ ports[0] }}
|
|
{% endif -%}
|
|
{% for frontend in frontends -%}
|
|
acl net_{{ frontend }} dst {{ frontends[frontend]['network'] }}
|
|
use_backend {{ service }}_{{ frontend }} if net_{{ frontend }}
|
|
{% endfor -%}
|
|
default_backend {{ service }}_{{ default_backend }}
|
|
|
|
{% for frontend in frontends -%}
|
|
backend {{ service }}_{{ frontend }}
|
|
balance leastconn
|
|
{% if backend_options -%}
|
|
{% if backend_options[service] -%}
|
|
{% for option in backend_options[service] -%}
|
|
{% for key, value in option.items() -%}
|
|
{{ key }} {{ value }}
|
|
{% endfor -%}
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
{% endif -%}
|
|
{% for unit, address in frontends[frontend]['backends'].items() -%}
|
|
{% if https -%}
|
|
server {{ unit }} {{ address }}:{{ ports[1] }} check check-ssl verify none
|
|
{% else -%}
|
|
server {{ unit }} {{ address }}:{{ ports[1] }} check
|
|
{% endif -%}
|
|
{% endfor %}
|
|
{% endfor -%}
|
|
{% endfor -%}
|
|
{% endif -%}
|