diff options
author | Denver Abrey <denver@thoughtexpress.com> | 2017-10-10 15:43:42 +0200 |
---|---|---|
committer | Denver Abrey <denver@thoughtexpress.com> | 2017-10-10 15:43:42 +0200 |
commit | 99590928ce1f704ea04ac305843ffd34031a833f (patch) | |
tree | 559645dbb8453c8b9288e1eecdb60adf7c287167 /extra | |
parent | 3826ec33af608a377c4421ea75622eebccdebee4 (diff) |
Add haproxy example
Diffstat (limited to 'extra')
-rw-r--r-- | extra/oxidized.haproxy | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/extra/oxidized.haproxy b/extra/oxidized.haproxy new file mode 100644 index 0000000..91b76b2 --- /dev/null +++ b/extra/oxidized.haproxy @@ -0,0 +1,45 @@ +global + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin + stats timeout 30s + user haproxy + group haproxy + daemon + + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS + ssl-default-bind-options no-sslv3 + +defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http + +frontend oxidized + bind *:80 + mode http + default_backend oxidized + compression algo gzip + compression type text/html text/plain text/css + +backend oxidized + server o1 127.0.0.1:8080 |