52 lines
1.5 KiB
Plaintext
52 lines
1.5 KiB
Plaintext
global
|
|
chroot /var/lib/haproxy
|
|
stats socket /admin.sock mode 660 level admin
|
|
stats timeout 30s
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
|
|
ca-base /etc/ssl/certs
|
|
crt-base /crypt
|
|
|
|
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
|
ssl-default-bind-options no-sslv3
|
|
|
|
defaults
|
|
#log global
|
|
mode http
|
|
#option httplog
|
|
#option dontlognull
|
|
timeout connect 5000
|
|
timeout client 50000
|
|
timeout server 50000
|
|
|
|
frontend http
|
|
bind *:80
|
|
reqadd X-Forwarded-Proto:\ http
|
|
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
|
|
|
# add X-Forwarded-For Header to request
|
|
http-request add-header X-Forwarded-For %[src]
|
|
|
|
redirect scheme https code 301 if !{ ssl_fc }
|
|
use_backend letsencrypt-backend if letsencrypt-acl
|
|
default_backend www-backend
|
|
|
|
frontend https
|
|
bind *:443 ssl crt /data/haproxy/cert.pem
|
|
reqadd X-Forwarded-Proto:\ https
|
|
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
|
|
|
|
# add X-Forwarded-For Header to request
|
|
http-request add-header X-Forwarded-For %[src]
|
|
|
|
use_backend letsencrypt-backend if letsencrypt-acl
|
|
default_backend www-backend
|
|
|
|
backend www-backend
|
|
server one target:80
|
|
|
|
backend letsencrypt-backend
|
|
server letsencrypt 127.0.0.1:54321
|