# Process-wide settings: chroot, privilege drop, the runtime admin socket and
# the TLS defaults inherited by every "bind ... ssl" line.
global
    chroot /var/lib/haproxy
    # Runtime API socket. "level admin" allows state-changing commands, so the
    # 660 mode and the socket's owner/group are the only access control on it.
    # NOTE(review): no "user"/"group" is set on this line - confirm which
    # account ends up owning /admin.sock and who is in its group.
    stats socket /admin.sock mode 660 level admin
    stats timeout 30s
    # Run as the unprivileged haproxy account rather than root.
    user haproxy
    group haproxy
    daemon

    # Base directories used to resolve relative CA and certificate paths.
    ca-base /etc/ssl/certs
    crt-base /crypt

    # AES-only suites with RSA authentication. RC4, LOW, export, MD5 and
    # anonymous/null suites are excluded, as is DHE key exchange (!kEDH).
    # NOTE(review): kRSA+AES keeps static-RSA key exchange, which provides no
    # forward secrecy - confirm legacy clients still require it.
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
    # Only SSLv3 is disabled by this line.
    # NOTE(review): TLS 1.0 and 1.1 stay enabled; consider adding
    # "no-tlsv10 no-tlsv11" if the client base allows it.
    ssl-default-bind-options no-sslv3
# Settings inherited by every frontend and backend defined after this section.
defaults
    # NOTE(review): all three logging directives are commented out, so the
    # proxies below emit no access or error log. Re-enabling them (with a
    # "log" target in the global section) is needed for detection and
    # incident response.
    #log global
    mode http
    #option httplog
    #option dontlognull
    # Timeouts given without a unit are milliseconds: 5 s to connect to a
    # server, 50 s of inactivity on either side.
    # NOTE(review): no "timeout http-request" is set, so a client that sends
    # its request headers slowly is bounded only by the 50 s client timeout.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
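# Plain-HTTP listener on port 80.
frontend http
    bind *:80
    # "http-request set-header" replaces any X-Forwarded-Proto value the client
    # supplied. The former "reqadd" only appended a header, so a forged value
    # sent by the client was forwarded next to the proxy's own.
    http-request set-header X-Forwarded-Proto http
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    # ssl_fc is never true on this non-TLS bind, so the 301 applies to every
    # request received here.
    # NOTE(review): that includes ACME challenge paths, which makes the two
    # routing lines below appear unreachable - confirm this is intended.
    redirect scheme https code 301 if !{ ssl_fc }
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend www-backend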
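# TLS listener on port 443; terminates TLS and routes by request path.
frontend https
    # The certificate path is absolute, so crt-base is not applied to it.
    bind *:443 ssl crt /data/haproxy/cert.pem
    # "http-request set-header" replaces any X-Forwarded-Proto value the client
    # supplied. The former "reqadd" only appended a header, so a backend that
    # trusts this header could be shown a client-chosen scheme as well.
    http-request set-header X-Forwarded-Proto https
    # ACME HTTP-01 challenge requests go to the local responder; everything
    # else goes to the application backend.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend www-backend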
# Application backend; the default for both frontends.
backend www-backend
    # Requests are forwarded to host "target" on port 80 without TLS.
    # NOTE(review): no "check" keyword is present, so this server is not
    # health-checked; also confirm the network path to "target" is trusted,
    # since traffic is sent to it in clear text.
    server one target:80
# Receives requests whose path begins with /.well-known/acme-challenge/.
backend letsencrypt-backend
    # Loopback-only target on port 54321.
    # NOTE(review): presumably the ACME client's standalone responder -
    # confirm it listens only while a certificate is being issued or renewed.
    server letsencrypt 127.0.0.1:54321