90 lines
2.8 KiB
INI
90 lines
2.8 KiB
INI
global
|
|
# NOTE: on startup haproxy chroot's to /var/lib/haproxy.
|
|
#
|
|
# Unfortunately the program will open some files prior to the call to
|
|
# chroot never to reopen them, and some after. So looking at the on-disk
|
|
# layout of haproxy resources you will find some resources relative to /
|
|
# such as the admin socket, and some relative to /var/lib/haproxy such as
|
|
# the log socket.
|
|
#
|
|
# The logging socket is (re-)opened after the chroot and must be relative
|
|
# to /var/lib/haproxy.
|
|
log /dev/log local0
|
|
log /dev/log local1 notice
|
|
maxconn 20000
|
|
user haproxy
|
|
group haproxy
|
|
spread-checks 0
|
|
# The admin socket is opened prior to the chroot never to be reopened, so
|
|
# it lives outside the chroot directory in the filesystem.
|
|
stats socket /var/run/haproxy/admin.sock mode 600 level admin
|
|
stats timeout 2m
|
|
|
|
defaults
|
|
log global
|
|
mode tcp
|
|
option tcplog
|
|
option dontlognull
|
|
retries 3
|
|
{%- if options.haproxy_queue_timeout %}
|
|
timeout queue {{ options.haproxy_queue_timeout }}
|
|
{%- else %}
|
|
timeout queue 9000
|
|
{%- endif %}
|
|
{%- if options.haproxy_connect_timeout %}
|
|
timeout connect {{ options.haproxy_connect_timeout }}
|
|
{%- else %}
|
|
timeout connect 9000
|
|
{%- endif %}
|
|
{%- if options.haproxy_client_timeout %}
|
|
timeout client {{ options.haproxy_client_timeout }}
|
|
{%- else %}
|
|
timeout client 90000
|
|
{%- endif %}
|
|
{%- if options.haproxy_server_timeout %}
|
|
timeout server {{ options.haproxy_server_timeout }}
|
|
{%- else %}
|
|
timeout server 90000
|
|
{%- endif %}
|
|
|
|
listen stats
|
|
bind {{ options.local_host }}:{{ options.haproxy_stat_port }}
|
|
mode http
|
|
stats enable
|
|
stats hide-version
|
|
stats realm Haproxy\ Statistics
|
|
stats uri /
|
|
stats auth admin:{{ options.haproxy_stat_password }}
|
|
|
|
{% if cluster.cluster_hosts -%}
|
|
{% for service, ports in options.service_ports.items() -%}
|
|
frontend tcp-in_{{ service }}
|
|
bind *:{{ ports[0] }}
|
|
{% if options.ipv6_enabled -%}
|
|
bind :::{{ ports[0] }}
|
|
{% endif -%}
|
|
{% for frontend in cluster.cluster_hosts -%}
|
|
acl net_{{ frontend }} dst {{ cluster.cluster_hosts[frontend]['network'] }}
|
|
use_backend {{ service }}_{{ frontend }} if net_{{ frontend }}
|
|
{% endfor -%}
|
|
default_backend {{ service }}_{{ options.local_address }}
|
|
|
|
{% for frontend in cluster.cluster_hosts -%}
|
|
backend {{ service }}_{{ frontend }}
|
|
balance leastconn
|
|
{% if options.haproxy_healthcheck -%}
|
|
{% for key, val in options.haproxy_healthcheck.items() -%}
|
|
{{ key }} {{ val }}
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
{% for unit, address in cluster.cluster_hosts[frontend]['backends'].items() -%}
|
|
{% if options.ssl -%}
|
|
server {{ unit }} {{ address }}:{{ ports[1] }} check check-ssl verify none
|
|
{% else -%}
|
|
server {{ unit }} {{ address }}:{{ ports[1] }} check
|
|
{% endif -%}
|
|
{% endfor %}
|
|
{% endfor -%}
|
|
{% endfor -%}
|
|
{% endif -%}
|