| #--------------------------------------------------------------------- |
| # Example configuration for a possible web application. See the |
| # full configuration options online. |
| # |
| # https://www.haproxy.org/download/1.8/doc/configuration.txt |
| # |
| #--------------------------------------------------------------------- |
| |
| #--------------------------------------------------------------------- |
| # Global settings |
| #--------------------------------------------------------------------- |
| global |
| # to have these messages end up in /var/log/haproxy.log you will |
| # need to: |
| # |
| # 1) configure syslog to accept network log events. This is done |
| # by adding the '-r' option to the SYSLOGD_OPTIONS in |
| # /etc/sysconfig/syslog |
| # |
| # 2) configure local2 events to go to the /var/log/haproxy.log |
| # file. A line like the following can be added to |
| # /etc/sysconfig/syslog |
| # |
| # local2.* /var/log/haproxy.log |
| # |
| log 127.0.0.1 local2 |
| |
| chroot /var/lib/haproxy |
| pidfile /var/run/haproxy.pid |
| maxconn 4000 |
| user haproxy |
| group haproxy |
| daemon |
| |
| # turn on stats unix socket |
| stats socket /var/lib/haproxy/stats |
| |
| # utilize system-wide crypto-policies |
| ssl-default-bind-ciphers PROFILE=SYSTEM |
| ssl-default-server-ciphers PROFILE=SYSTEM |
| |
| #--------------------------------------------------------------------- |
| # common defaults that all the 'listen' and 'backend' sections will |
| # use if not designated in their block |
| #--------------------------------------------------------------------- |
| defaults |
| log global |
| option httplog |
| option dontlognull |
| option http-server-close |
| option forwardfor except 127.0.0.0/8 |
| option redispatch |
| |
| #--------------------------------------------------------------------- |
| # main frontend which proxys to the backends |
| #--------------------------------------------------------------------- |
| frontend main |
| mode tcp |
| log global |
| option tcplog |
| bind *:{{ api_server_tls_port }} ssl crt {{ haproxy_api_server_ssl_cert }} |
| default_backend fix-backend |
| |
| #--------------------------------------------------------------------- |
| # static backend for serving up images, stylesheets and such |
| #--------------------------------------------------------------------- |
| |
| #--------------------------------------------------------------------- |
| # round robin balancing between the various backends |
| #--------------------------------------------------------------------- |
| backend fix-backend |
| mode tcp |
| log global |
| option tcplog |
| server quickfix {{ airavata_api_host }}:{{ api_server_port }} check |