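global
# Process-wide settings. Two pairs of directives that the original listing ran
# together on one line are split here so that each is parsed on its own.
log 127.0.0.1 local0 # send logs to the local syslog daemon, facility local0
chroot /var/lib/haproxy # directory HAProxy chroots into
pidfile /var/run/haproxy.pid # file holding the HAProxy process ID
maxconn 65535 # process-wide connection limit; must fit within the ulimit-n limit
user haproxy
group haproxy
daemon # run HAProxy in the background
# Default cipher list for every "bind ... ssl" line.
# NOTE(review): the first four entries use IANA-style names and are CBC suites;
# whether the linked OpenSSL accepts that spelling depends on its version, and
# the AES256+EECDH / AES256+EDH groups also admit CBC suites. Check the list
# that is actually negotiated before relying on it.
ssl-default-bind-ciphers TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# Disables SSLv3 and TLS session tickets only; TLS 1.0 and 1.1 are still offered.
# Consider adding no-tlsv10 no-tlsv11 if no legacy clients depend on them.
ssl-default-bind-options no-sslv3 no-tls-tickets
tune.ssl.default-dh-param 2048 # size in bits of the DH parameters used for DHE key exchange
# WARNING: "none" turns off certificate verification for every "server ... ssl"
# line that does not set "verify" itself. Traffic to the backends is encrypted
# but the backend identity is not checked, so a host able to intercept that hop
# can impersonate a backend. To authenticate backends, set this to "required"
# and give each server line "ca-file <PATH_TO_CA_BUNDLE>" (placeholder).
ssl-server-verify none
# Runtime/statistics UNIX socket. No "mode" is given, so its file permissions
# follow the process umask.
# NOTE(review): confirm that only administrators can open it, or set "mode 600".
stats socket /var/lib/haproxy/stats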
defaults
# Settings inherited by every proxy section that follows.
# No "mode" is set here; each listen section below declares "mode http" itself.
# No "log global" is set here either, so only sections that declare a log
# target themselves (http_80 in this file) emit access logs.
option forwardfor # add the client address in an X-Forwarded-For request header
option httpclose
option dontlognull # do not log connections on which no data was exchanged (e.g. bare health-check probes)
option redispatch # if the server a session is tied to is down, allow it to be sent to another healthy server (the original note adds that this will be dropped in a future release; unverified)
retries 3 # connection attempts retried before the server is treated as unavailable (the original comment said two; the value is 3)
timeout connect 10s # max time to establish a connection to a server
timeout client 50s # max client-side inactivity
timeout server 50s # max server-side inactivity
maxconn 65535 # default per-proxy connection limit; must fit within the ulimit-n limit
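######## Statistics page ########
# Combined frontend/backend section for the monitoring page; the section name
# is arbitrary.
listen admin_stats
# Listens on every interface over clear-text HTTP, so the Basic-auth
# credentials below cross the network unencrypted. Prefer binding to a
# management address or adding TLS on this bind line.
bind 0.0.0.0:5000
mode http # layer-7 HTTP mode
stats refresh 30s # auto-refresh interval of the statistics page
stats uri /haproxy # URL of the statistics page
stats realm Cloud\Haproxy # text shown in the browser's password prompt
# user:password for the page; repeat the directive to add more users.
# The original listing shipped admin:admin, a default credential that is guessed
# first. The value below is a placeholder and MUST be replaced before use. It is
# stored in clear text, so keep this file readable by administrators only.
stats auth admin:CHANGE_ME_STRONG_PASSWORD
stats hide-version # do not show the HAProxy version on the page
# Admin actions (enabling/disabling backend servers from the page, HAProxy
# 1.4.9 and later) were allowed unconditionally ("if TRUE"). They are limited
# here to requests from the loopback range via the predefined LOCALHOST ACL.
# Replace it with an ACL matching the management subnet if remote
# administration is required.
stats admin if LOCALHOST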
######## frontend configuration ##############
######## backend configuration ##############
# Plain-HTTP listener on every interface, balancing across two web servers.
listen http_80
bind 0.0.0.0:80
mode http
balance leastconn
# Use the log target declared in the global section.
log global
# Comma-separated access-log line; %hr expands to the request headers captured
# below, so every captured header ends up in the log.
log-format "%Tl",%{+Q}ci,"%fi:%fp",%{+Q}bi,%{+Q}r,%ST,%B,%{+Q}hr,%Tt
# httpclose and forwardfor repeat what the defaults section already sets.
# NOTE(review): http-server-close is declared alongside httpclose, so two
# connection-handling modes are requested; confirm which one is intended. The
# http-keep-alive timeout below only matters if client keep-alive is in effect.
# forwardfor adds the connecting address; a client-supplied X-Forwarded-For is
# not removed here, so backends should not trust earlier values in that header.
option httpclose
option forwardfor
option http-server-close
# Capture up to 255 characters of each header for logging.
capture request header Host len 255
capture request header User-Agent len 255
capture request header Referer len 255
# NOTE(review): capturing Cookie writes session cookies into the access log.
# Anyone who can read the logs can then replay a session. Restrict log access
# accordingly, or drop this capture if the value is not needed.
capture request header Cookie len 255
# Time allowed for a client to send a complete request.
# NOTE(review): 50s lets slow clients hold connections for a long time.
timeout http-request 50s
timeout http-keep-alive 55s
# Health check every 3000 ms; a server is marked up after 3 successful checks
# and down after 5 failed ones.
# NOTE(review): each server has a "cookie" value but this section has no
# "cookie" directive, so cookie persistence does not appear to be active.
server http_80_web1_80 192.168.6.15:80 cookie web1_80 weight 10 check inter 3000 rise 3 fall 5
server http_80_web2_80 192.168.6.16:80 cookie web2_80 weight 10 check inter 3000 rise 3 fall 5
# Requests whose Host header is exactly "ericdress.com" get a 301 redirect to
# the www host. The target is plain http://, not https://.
# NOTE(review): this listener neither sets nor strips X-Forwarded-Proto, while
# https_443 adds it. If the backends rely on that header, confirm that a value
# supplied by a client on port 80 is not trusted.
acl ericdress_com hdr(host) -m str ericdress.com
redirect prefix http://www.ericdress.com code 301 if ericdress_com
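######## HTTPS listener (TLS terminated here) #################
# The original heading called this the TCP configuration, but the section runs
# in "mode http" and terminates TLS.
# NOTE(review): there is no "log" directive here or in defaults, so this
# listener emits no access log and the captures below are never written.
# Decide whether HTTPS traffic should be logged like http_80.
listen https_443
# PEM file with the server certificate. HAProxy expects the private key in the
# same file, so keep it readable by administrators only.
bind *:443 ssl crt /etc/ssl/certs/eric.pem
mode http
option httpclose
option forwardfor
# Tell the backend that the client connection used HTTPS. set-header replaces
# any X-Forwarded-Proto sent by the client, so a caller cannot supply a second
# value of its own. The original "reqadd" only appended a header and has been
# removed from later HAProxy releases.
http-request set-header X-Forwarded-Proto https
# Capture up to 255 characters of each header for logging.
capture request header Host len 255
capture request header User-Agent len 255
capture request header Referer len 255
# NOTE(review): if logging is enabled for this section, the Cookie capture will
# write session cookies into the log. Restrict log access or drop it.
capture request header Cookie len 255
timeout http-request 50s # time allowed for a client to send a complete request
timeout http-keep-alive 55s
# Backends are reached over TLS, but no "verify" or "ca-file" is set and the
# global section has "ssl-server-verify none". The backend certificate is
# therefore not validated: the hop is encrypted but not authenticated. To
# authenticate it, add "verify required ca-file <PATH_TO_CA_BUNDLE>"
# (placeholder) to each server line.
# Health check every 3000 ms; up after 3 successful checks, down after 5 failures.
server http_443_web1_443 192.168.6.15:443 ssl cookie web1_443 weight 10 check inter 3000 rise 3 fall 5
server http_443_web2_443 192.168.6.16:443 ssl cookie web2_443 weight 10 check inter 3000 rise 3 fall 5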
最后修改:2021 年 06 月 14 日