path: root/files/fedora-cloud/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
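global
    # Process-wide settings: logging target, privilege drop, the runtime
    # stats socket and the TLS defaults inherited by every 'bind ... ssl' line.
    #
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    # NOTE(review): step 2 names the same options file as step 1; a selector
    # line like the one above normally belongs in the syslog daemon's rules
    # file -- confirm for the syslog daemon actually in use.
    log         127.0.0.1 local2

    # Confine the process to /var/lib/haproxy and run it as the unprivileged
    # haproxy user/group, so a compromise of the proxy does not hand out root
    # or a view of the rest of the filesystem.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # No explicit 'mode' or 'level' is given, so access to the socket follows
    # HAProxy's defaults and the process umask.
    # NOTE(review): confirm only administrators can connect to this socket.
    stats socket /var/lib/haproxy/stats

    # Size (in bits) of the ephemeral DH parameters used for the DHE-* suites
    # below.  Raised from 1024 to 2048: 1024-bit groups are considered within
    # reach of precomputation attacks (Logjam).
    # NOTE(review): very old clients that cannot handle 2048-bit DHE have to
    # negotiate one of the ECDHE suites instead -- verify against the client
    # population before rollout.
    tune.ssl.default-dh-param 2048

    # Default cipher list for all TLS listeners.  ECDHE/DHE with AES-GCM is
    # preferred; anonymous, NULL, EXPORT, DES, 3DES, RC4, MD5 and PSK suites
    # are excluded.  The tail of the list still offers CBC-mode suites with a
    # SHA-1 MAC and DHE-DSS entries as fallbacks.
    # NOTE(review): prune those fallbacks once no client depends on them.
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK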


#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    # --- proxy mode and logging -------------------------------------------
    # Layer-7 HTTP proxying, logged through the target declared in 'global'
    # using the detailed HTTP log format.
    mode    http
    log     global
    option  httplog
    # Connections that carry no data are not logged.  This keeps health-check
    # noise out of the log, but it also hides bare port scans and probes from
    # anyone reviewing the log -- keep that in mind for detection work.
    option  dontlognull

    # --- connection handling ----------------------------------------------
    # Close the server-side connection after each response.
    option  http-server-close
    # Add X-Forwarded-For with the client address, except for requests that
    # originate from loopback.
    option  forwardfor except 127.0.0.0/8
    # Allow up to 3 connection retries, with redispatch to another server
    # permitted when the chosen one cannot be reached.
    option  redispatch
    retries 3
    # Per-proxy connection ceiling (the process-wide one is set in 'global').
    maxconn 3000

    # --- timeouts -----------------------------------------------------------
    # 'timeout http-request' bounds how long a client may take to send a
    # complete request, which limits slow-request connection exhaustion.
    timeout http-request    10s
    timeout http-keep-alive 10s
    timeout connect         10s
    timeout check           10s
    timeout queue           1m
    timeout client          1m
    timeout server          1m

#frontend keystone_public *:5000
#  default_backend keystone_public
#frontend keystone_admin *:35357
#  default_backend keystone_admin
# TLS-terminating listeners, one per service port.
#
# Every frontend below:
#   * binds on all IPv4 interfaces (0.0.0.0) and terminates TLS with the
#     same combined PEM file.  That file carries the private key, so its
#     permissions should restrict it to the account that starts HAProxy.
#   * disables SSLv3 and TLS 1.0.  TLS 1.1 is NOT disabled here.
#     NOTE(review): add 'no-tlsv11' once no client depends on TLS 1.1.
#   * appends an HSTS header (15768000 seconds = 6 months) to every response
#     via 'rspadd'.  NOTE(review): newer HAProxy releases dropped 'rspadd'
#     in favour of 'http-response set-header'; port these lines on upgrade.
#   * forwards to the backend of the same name.

frontend neutron
    bind 0.0.0.0:9696 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend neutron

frontend cinder
    bind 0.0.0.0:8776 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend cinder

frontend swift
    bind 0.0.0.0:8080 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend swift

frontend nova
    bind 0.0.0.0:8774 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend nova

frontend ceilometer
    bind 0.0.0.0:8777 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend ceilometer

frontend ec2
    bind 0.0.0.0:8773 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend ec2

frontend glance
    bind 0.0.0.0:9292 ssl no-sslv3 no-tlsv10 crt /etc/haproxy/fedorainfracloud.org.combined
    rspadd Strict-Transport-Security:\ max-age=15768000
    default_backend glance

# Backends: each one is a single health-checked ('check') server on loopback,
# reached over plain HTTP after TLS has been terminated by the frontend.
#
# NOTE(review): the services are expected to listen on 127.0.0.1 only.  If
# any of these ports is also reachable on an external interface, clients can
# talk to the service in cleartext and skip the TLS listener -- confirm the
# service bind addresses and host firewall.

backend neutron
    server neutron 127.0.0.1:8696 check

backend cinder
    server cinder 127.0.0.1:6776 check

backend swift
    server swift 127.0.0.1:7080 check

backend nova
    server nova 127.0.0.1:6774 check

backend ceilometer
    server ceilometer 127.0.0.1:6777 check

backend ec2
    server ec2 127.0.0.1:6773 check

backend glance
    server glance 127.0.0.1:7292 check

# The two keystone backends have no active frontend in this file: the
# matching 'frontend keystone_*' stanzas are commented out.  As written,
# those stanzas would listen on the same ports (5000, 35357) that the
# servers below target, so they cannot simply be re-enabled unchanged.
backend keystone_public
    server keystone_public 127.0.0.1:5000 check

backend keystone_admin
    server keystone_admin 127.0.0.1:35357 check