HyperProxmox/system/BASE_SOFT/HAPROXY/1.7.5/haproxy.cfg
thomas.guiseppin 5352a2b94a first commit
2017-10-21 22:04:42 +02:00


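global
    # Process-wide settings: privilege drop, chroot, logging, the runtime
    # socket, and the TLS defaults inherited by every `bind ... ssl` line.

    # Run unprivileged and confined to the chroot directory.
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 10000
    log 127.0.0.1 local0

    # Runtime/stats socket. No `mode`, `user`, `group` or `level` is given, so
    # who may connect is left to the process umask.
    # NOTE(review): pin it explicitly (e.g. `mode 600`) so other local accounts
    # cannot query the proxy through this socket.
    stats socket /var/lib/haproxy/stats

    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    tune.ssl.default-dh-param 2048

    # Only SSLv3 is disabled here; TLS 1.0 and 1.1 remain negotiable.
    # NOTE(review): add `no-tlsv10 no-tlsv11` once client compatibility allows.
    ssl-default-bind-options no-sslv3 no-tls-tickets

    # Cipher preference, strongest first. Entries must be exact OpenSSL cipher
    # names: a misspelt entry matches nothing and that suite is silently left
    # out of the handshake. 3DES (DES-CBC3) suites are intentionally absent
    # because of their 64-bit block size (SWEET32). The trailing static-RSA
    # suites (AES128-SHA etc.) give no forward secrecy and are kept only for
    # old clients.
    ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS

    # Same list for outgoing TLS. It only takes effect on `server ... ssl`
    # lines; the servers declared in this file are plain HTTP on loopback.
    ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS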
defaults
    # Baseline inherited by every listen/backend section in this file.
    log global
    retries 3
    # Allow a request to be sent to another server when its assigned one fails.
    option redispatch

    # Default timeouts; the listen sections override some of these.
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout queue 1m
    timeout check 10s
    timeout http-request 10s

    # Built-in statistics page, restricted by `stats scope .` to the proxy
    # that answers the request, with the HAProxy version hidden.
    # NOTE(review): no `stats uri` and no `stats auth` is set anywhere in this
    # file, so every HTTP proxy inheriting these defaults - including the
    # listeners bound to 0.0.0.0 - answers on HAProxy's default stats URI
    # without a login. That exposes backend names, loopback addresses and
    # traffic counters. Either require credentials here
    # (`stats auth <user>:<password>`, placeholder values) or remove these
    # lines and serve stats from a dedicated listener bound to loopback.
    stats enable
    stats hide-version
    stats show-legends
    stats refresh 5s
    stats scope .
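userlist htaccess
    # Accounts for `http_auth()` / `http_auth_group()` ACLs.
    # NOTE(review): no rule in this file references the userlist, so it does
    # not protect anything until an `http-request auth` (or
    # `stats http-request auth`) rule is added to a proxy.

    # A group may only name users declared in this same userlist; an unknown
    # name is reported as a configuration error when HAProxy loads the file.
    group it users htaccess

    # `password` expects a crypt(3) hash (cleartext would need
    # `insecure-password`). Use a SHA-512 hash, e.g. generated with
    # `mkpasswd -m sha-512`.
    # NOTE(review): the value below has the 13-character shape of a
    # traditional DES crypt hash, which only covers the first 8 characters of
    # the password and is cheap to brute-force. It is also published with the
    # repository: replace it and treat the underlying password as compromised.
    user htaccess password PxTqnm52um8Q6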
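listen http
    # Cleartext listener on port 80. It declares no server: its only job is
    # to send clients to the HTTPS listener.
    bind 0.0.0.0:80
    mode http
    # The global section caps the whole process at `maxconn 10000`, so this
    # per-proxy value cannot be reached as configured.
    maxconn 32768

    # Access logging.
    # NOTE(review): `option httplog clf` comes after `log-format`; the later
    # directive is expected to win, which would leave the custom format
    # unused - confirm and keep only one of the two.
    log-format %ci\ -\ [%T]\ %{+Q}r\ %ST\ %B\ %{+Q}hrl
    option httplog clf
    capture request header Referer len 64
    capture request header User-Agent len 512
    capture request header Host len 128

    option forwardfor
    timeout http-request 1m
    timeout queue 1m
    timeout connect 20s
    timeout client 20s
    timeout server 1m

    # X-Forwarded-Proto is deliberately not set in this section: traffic
    # arriving here is cleartext, and announcing "https" would let an
    # application treat an unencrypted request as secure if a server were
    # ever added to this listener.

    # `ssl_fc` is never true on a non-TLS bind, so every request gets the 301.
    redirect scheme https code 301 if !{ ssl_fc }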
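listen https
    # Public TLS listener: terminates HTTPS, routes ACME challenges to the
    # Let's Encrypt helper and everything else to the `lamp` backend.
    # `crt` points at a directory, so the certificate files found in it are
    # loaded; those files hold private keys - keep the directory readable by
    # root only.
    bind 0.0.0.0:443 ssl crt /opt/certbot/
    mode http
    # The global section caps the whole process at `maxconn 10000`, so this
    # per-proxy value cannot be reached as configured.
    maxconn 32768

    # Access logging.
    # NOTE(review): `option httplog clf` comes after `log-format`; the later
    # directive is expected to win, which would leave the custom format
    # unused - confirm and keep only one of the two.
    log-format %ci\ -\ [%T]\ %{+Q}r\ %ST\ %B\ %{+Q}hrl
    option httplog clf
    capture request header Referer len 64
    capture request header User-Agent len 512
    capture request header Host len 128

    # Appends the client address as a new X-Forwarded-For header. Values the
    # client sent itself are kept, so the backend must trust only the entry
    # added by this proxy.
    option forwardfor
    timeout http-request 1m
    timeout queue 1m
    timeout connect 20s
    timeout client 20s
    timeout server 1m

    # Tell the application the original scheme. `set-header` replaces any
    # copy of the header supplied by the client, so the backend never sees a
    # client-chosen value next to the proxy's one.
    http-request set-header X-Forwarded-Proto https
    http-request set-header http_x_forwarded_proto https

    # Response hardening headers.
    # X-Client-IP echoes the connecting address back to the client.
    http-response set-header X-Client-IP %[src]
    http-response set-header X-Frame-Options "SAMEORIGIN"
    # One-year HSTS covering all subdomains and flagged for preload: every
    # subdomain must serve valid HTTPS, and this is slow to undo.
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    http-response set-header X-XSS-Protection "1; mode=block"
    http-response set-header X-Content-Type-Options "nosniff"

    # Routing: ACME challenge paths go to the local helper, the rest to lamp.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend lamp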
### PUBLIC BACKEND
# Default application backend selected by `default_backend lamp`.
backend lamp
    mode http
    # Single server reached over plain HTTP on loopback, with health checks
    # enabled by `check`. Traffic stays on the local host, so it relies on
    # nothing else on this machine being able to bind or reach port 8080.
    server lamp 127.0.0.1:8080 check
### LETS ENCRYPT BACKEND
# Receives requests whose path starts with /.well-known/acme-challenge/.
backend letsencrypt-backend
    mode http
    # Overwrite the Host header with a fixed value before forwarding.
    http-request set-header Host letsencrypt.requests
    # Local ACME responder on loopback. There is no `check`, so the server is
    # always considered up; requests fail when nothing listens on the port.
    server letsencrypt 127.0.0.1:54321