-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhaproxy.cfg
133 lines (110 loc) · 4.43 KB
/
haproxy.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#
# Copyright 2016 LambdaStack All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# NB: The bind: 0.0.0.0 below shows what a VM usually looks like. Change this to the IP if this is a bare-metal server.
global
daemon
user haproxy
group haproxy
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy/haproxy.asok level admin
log /dev/log local0 info
maxconn 2048
defaults
log global
mode http
option http-server-close
option abortonclose
option tcplog
option dontlognull
option nolinger
option redispatch
option forwardfor
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 5s
timeout check 10s
timeout client 30m
timeout server 30m
# This section is for a Web-UI if you have one
frontend webui
bind 0.0.0.0:80
redirect scheme https code 301 if !{ ssl_fc }
frontend webui-tls
bind 0.0.0.0:443 ssl crt /etc/ssl/private/<whatever your .pem file>
balance roundrobin
option httplog
use_backend webui-backend
backend webui-backend
option httpchk GET /
http-check expect status 200
server web <whatever your web IP is>:80 check port 80
# Add other servers here if needed
# End of Web-UI section
# NB: The examples below show Custom API and OpenStack APIs for Keystone and Nova. You can change to fit your environment.
# KEYSTONE Example
frontend keystone-api
bind 0.0.0.0:5000 ssl crt /etc/ssl/private/<whatever your .pem file>
balance source # source here since it's one server in one cluster/datacenter
option tcplog # tcplog here since data is wrapped via TLS
acl myvar_keystone_name_1 hdr_sub(x-api-cluster) mycluster
acl myvar_keystone_name_1 hdr_sub(x-api-locate) mydatacenter
use_backend keystone-api-myname1 if myvar_keystone_name_1
acl myvar_keystone_name_2 hdr_sub(x-api-cluster) mycluster2
acl myvar_keystone_name_2 hdr_sub(x-api-locate) mydatacenter2
use_backend keystone-api-myname2 if myvar_keystone_name_2
backend keystone-api-myname1
option httpchk GET /
http-check expect status 300 # Keystone uses 300 for OK
server my-keystone1 <backend server info>:5000 check ssl verify none
backend keystone-api-myname2
option httpchk GET /
http-check expect status 300 # Keystone uses 300 for OK
server my-keystone2 <backend server info>:5000 check ssl verify none
# NOVA Example
frontend nova-api
bind 0.0.0.0:8774 ssl crt /etc/ssl/private/<whatever your .pem file>
balance source # source here since it's one server in one cluster/datacenter
option tcplog # tcplog here since data is wrapped via TLS
acl myvar_nova_name_1 hdr_sub(x-api-cluster) mycluster
acl myvar_nova_name_1 hdr_sub(x-api-locate) mydatacenter
use_backend nova-api-myname1 if myvar_nova_name_1
acl myvar_nova_2 hdr_sub(x-api-cluster) mycluster2
acl myvar_nova_name_2 hdr_sub(x-api-locate) mydatacenter2
use_backend nova-api-myname2 if myvar_nova_name_2
backend nova-api-myname1
option httpchk GET /
http-check expect status 200 # Nova returns 200 on OK
server my-nova1 <backend server info>:8774 check ssl verify none
backend nova-api-myname2
option httpchk GET /
http-check expect status 200 # Nova returns 200 on OK
server my-nova2 <backend server info>:8774 check ssl verify none
# Custom API - Answer here on port 8080 and route to port 80 to one of 5 backend servers
frontend custom-api
bind 0.0.0.0:8080
balance roundrobin # roundrobin since there are many backends - change to fit your environment
# This section is not really needed but here anyway as an example
acl myvar_custom_name_1 hdr_sub(x-api-cluster) mycluster
acl myvar_custom_name_1 hdr_sub(x-api-locate) mydatacenter
use_backend custom-api-myname1 if myvar_custom_name_1
backend custom-api-myname1
option httpchk GET /
http-check expect status 200 # Custom returns 200 on OK
server my-custom1 <backend server info>:80
server my-custom2 <backend server info>:80
server my-custom3 <backend server info>:80
server my-custom4 <backend server info>:80
server my-custom5 <backend server info>:80