2021-11-22 14:45:49 +00:00
|
|
|
global
|
|
|
|
balance roundrobin
|
|
|
|
|
|
|
|
frontend http
|
|
|
|
bind :80
|
|
|
|
bind :443 ssl crt /etc/haproxy/cert.pem
|
|
|
|
option forwardfor
|
|
|
|
|
2021-11-22 18:02:33 +00:00
|
|
|
# Test configuration
|
2021-11-22 14:45:49 +00:00
|
|
|
#http-request set-header Host domain.local
|
|
|
|
|
|
|
|
# Set environment
|
|
|
|
http-request set-var(req.backend) req.hdr(host),map_str(/etc/haproxy/maps/host.map)
|
|
|
|
http-request set-var(req.backend) base,map_beg(/etc/haproxy/maps/base.map)
|
|
|
|
http-request set-var(req.acl) src,map_ip(/etc/haproxy/maps/acl.map)
|
|
|
|
http-request set-var(req.zone) var(req.backend),map_str(/etc/haproxy/maps/zone.map)
|
|
|
|
http-request set-var(req.aclZone) var(req.acl),concat(/,req.zone)
|
|
|
|
|
2021-11-22 18:02:33 +00:00
|
|
|
# Debug
|
|
|
|
#http-request set-var(txn.debug) var(req.varName)
|
|
|
|
#log-format "%[var(txn.debug)]"
|
2021-11-22 14:45:49 +00:00
|
|
|
|
|
|
|
# ACL check
|
|
|
|
acl allow var(req.aclZone) -f /etc/haproxy/maps/access.map
|
|
|
|
http-request deny if !allow
|
|
|
|
|
|
|
|
# HTTPS redirect
|
|
|
|
acl https var(req.backend) -f /etc/haproxy/maps/https.map
|
|
|
|
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
|
|
|
redirect scheme https if !{ ssl_fc } https
|
|
|
|
|
|
|
|
# Backend
|
|
|
|
default_backend not-found
|
|
|
|
use_backend %[var(req.backend)]
|
2020-01-27 16:25:39 +00:00
|
|
|
|
2021-11-22 18:02:33 +00:00
|
|
|
backend not-found
|
|
|
|
http-request deny deny_status 400
|
|
|
|
|
2023-02-22 17:33:35 +00:00
|
|
|
#+++++++++++++++++++++++++++++++ HTTP backends
|
2020-01-27 16:25:39 +00:00
|
|
|
|
2023-02-22 17:33:35 +00:00
|
|
|
{{#each http}}
|
2020-01-28 13:57:24 +00:00
|
|
|
backend {{name}}
|
2023-02-22 17:33:35 +00:00
|
|
|
{{#each ../workers}}
|
2023-02-27 22:04:18 +00:00
|
|
|
server {{name}}:{{../port}} {{address}}:{{../port}} check
|
2023-02-22 17:33:35 +00:00
|
|
|
{{/each}}
|
|
|
|
{{/each}}
|
|
|
|
|
|
|
|
#+++++++++++++++++++++++++++++++ TCP backends
|
|
|
|
|
|
|
|
{{#each tcp}}
|
2023-02-27 22:04:18 +00:00
|
|
|
listen {{name}}:{{targetPort}}
|
2023-02-22 17:50:03 +00:00
|
|
|
bind :{{port}}
|
2023-02-22 17:33:35 +00:00
|
|
|
mode tcp
|
|
|
|
{{#each ../workers}}
|
2023-02-27 22:04:18 +00:00
|
|
|
server {{name}}:{{../port}} {{address}}:{{../port}} check
|
2020-01-27 16:25:39 +00:00
|
|
|
{{/each}}
|
|
|
|
{{/each}}
|