Created
July 11, 2017 15:51
-
-
Save dvanders/857ffcf7249849cffc8d784c55b1a4d5 to your computer and use it in GitHub Desktop.
CERN haproxy.cfg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file managed by Puppet | |
| global | |
| chroot /var/lib/haproxy | |
| group haproxy | |
| log 127.0.0.1 local0 | |
| maxconn 2048 | |
| pidfile /var/run/haproxy.pid | |
| ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK | |
| stats socket /var/lib/haproxy/stats level admin | |
| tune.ssl.default-dh-param 2048 | |
| user haproxy | |
| defaults | |
| log global | |
| maxconn 2048 | |
| mode http | |
| option redispatch | |
| option http-server-close | |
| option contstats | |
| option httplog | |
| retries 3 | |
| stats enable | |
| timeout http-request 10s | |
| timeout queue 30s | |
| timeout connect 10s | |
| timeout client 1m | |
| timeout server 1m | |
| timeout check 10s | |
| frontend cs3.cern.ch-frontend | |
| bind ipv4@:80,ipv6@:80 | |
| acl haproxy_stats url_beg /haproxy_stats | |
| acl dnsstyle_buckets hdr_sub(host) -i .cs3.cern.ch | |
| capture request header User-Agent len 256 | |
| capture request header Host len 128 | |
| http-request set-var(req.bucketname) hdr(host),regsub(.cs3.cern.ch,) if dnsstyle_buckets | |
| http-request set-var(req.bucketname) path,word(1,/) if ! dnsstyle_buckets | |
| http-request set-header X-Debug-Bucket %[var(req.bucketname)] | |
| rate-limit sessions 10 | |
| timeout http-request 5m | |
| timeout client 5m | |
| use_backend stats if haproxy_stats | |
| use_backend %[var(req.bucketname),lower,map(/etc/haproxy/buckets.map,backend-gabe)] | |
| frontend cs3.cern.ch-frontend-ssl | |
| bind ipv4@:443,ipv6@:443 ssl no-sslv3 crt /etc/haproxy/cert.pem verify none | |
| acl haproxy_stats url_beg /haproxy_stats | |
| acl dnsstyle_buckets hdr_sub(host) -i .cs3.cern.ch | |
| capture request header User-Agent len 256 | |
| capture request header Host len 128 | |
| http-request set-var(req.bucketname) hdr(host),regsub(.cs3.cern.ch,) if dnsstyle_buckets | |
| http-request set-var(req.bucketname) path,word(1,/) if ! dnsstyle_buckets | |
| http-request set-header X-Debug-Bucket %[var(req.bucketname)] | |
| rate-limit sessions 10 | |
| timeout http-request 5m | |
| timeout client 5m | |
| use_backend stats if haproxy_stats | |
| use_backend %[var(req.bucketname),lower,map(/etc/haproxy/buckets.map,backend-gabe)] | |
| backend backend-beesly | |
| balance leastconn | |
| http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2 | |
| option httpchk GET / | |
| stick-table type ip size 20k peers mypeers | |
| backend backend-dwight | |
| balance leastconn | |
| http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2 | |
| option httpchk GET / | |
| stick-table type ip size 20k peers mypeers | |
| server cephrgwd01.cern.ch 188.184.184.100:8080 check inter 30000 | |
| backend backend-gabe | |
| balance leastconn | |
| http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2 | |
| option httpchk GET / | |
| stick-table type ip size 20k peers mypeers | |
| server cephgabe-rgw-141f8a735f.cern.ch 188.185.79.29:8080 check inter 30000 | |
| server cephgabe-rgw-54147b6197.cern.ch 188.184.86.186:8080 check inter 30000 | |
| server cephgabe-rgw-8b94da0839.cern.ch 188.185.70.64:8080 check inter 30000 | |
| server cephgabe-rgw-8f7e40e175.cern.ch 188.184.95.16:8080 check inter 30000 | |
| server cephgabe-rgw-92b67e1e4c.cern.ch 188.184.94.97:8080 check inter 30000 | |
| backend backend-gabe-atlas | |
| balance leastconn | |
| http-response replace-value X-Storage-Url ^http://([a-z0-9.]+):[0-9]{1,5}(.*)$ https://\1\2 | |
| option httpchk GET / | |
| stick-table type ip size 20k peers mypeers | |
| server cephgabe-rgw-1b52a31689.cern.ch 188.184.83.125:8080 check inter 30000 | |
| server cephgabe-rgw-887e737c1c.cern.ch 188.184.95.79:8080 check inter 30000 | |
| server cephgabe-rgw-8ceddb4c40.cern.ch 188.185.79.228:8080 check inter 30000 | |
| server cephgabe-rgw-926f5a12a0.cern.ch 188.184.87.159:8080 check inter 30000 | |
| server cephgabe-rgw-c4737ad05a.cern.ch 188.184.81.67:8080 check inter 30000 | |
| backend stats | |
| stats enable | |
| stats uri /haproxy_stats | |
| stats auth yyy:xxx | |
| stats refresh 2s | |
| stats admin if TRUE | |
| peers mypeers | |
| peer cephgabe-rgw-141f8a735f.cern.ch 188.185.79.29:7777 | |
| peer cephgabe-rgw-1b52a31689.cern.ch 188.184.83.125:7777 | |
| peer cephgabe-rgw-54147b6197.cern.ch 188.184.86.186:7777 | |
| peer cephgabe-rgw-887e737c1c.cern.ch 188.184.95.79:7777 | |
| peer cephgabe-rgw-8b94da0839.cern.ch 188.185.70.64:7777 | |
| peer cephgabe-rgw-8ceddb4c40.cern.ch 188.185.79.228:7777 | |
| peer cephgabe-rgw-8f7e40e175.cern.ch 188.184.95.16:7777 | |
| peer cephgabe-rgw-926f5a12a0.cern.ch 188.184.87.159:7777 | |
| peer cephgabe-rgw-92b67e1e4c.cern.ch 188.184.94.97:7777 | |
| peer cephgabe-rgw-c4737ad05a.cern.ch 188.184.81.67:7777 | |
| peer cephrgwd01.cern.ch 188.184.184.100:7777 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment