config/haproxy.cfg


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

global
  maxconn 4096
  tune.ssl.default-dh-param 2048

defaults
  mode http
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms
  option forwardfor
  option http-server-close
  stats enable
  stats uri /stats
  stats realm Haproxy\ Statistics
  stats auth username:password

frontend www-http
  bind *:80
  reqadd X-Forwarded-Proto:\ http
  default_backend www-backend

frontend www-https
  bind *:443 ssl crt /usr/local/etc/haproxy/server.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend www-backend

backend www-backend
  redirect scheme https if !{ ssl_fc }
  balance roundrobin
  server www1 www1:443 check ssl verify none
  server www2 www2:443 check ssl verify none