Created
June 6, 2016 20:00
-
-
Save bradjones1/ed6d01e311e89b6383e4b1625e72c64a to your computer and use it in GitHub Desktop.
Rancher/Docker haproxy.cfg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| lua-load /usr/local/etc/haproxy/acme-http01-webroot.lua | |
| ssl-default-bind-ciphers AES256+EECDH:AES256+EDH:!aNULL; | |
| tune.ssl.default-dh-param 4096 | |
| debug | |
| defaults | |
| mode http | |
| option log-health-checks | |
| option dontlognull | |
| option forwardfor | |
| option httpclose | |
| option httplog | |
| option redispatch | |
| retries 3 | |
| timeout check 5s | |
| timeout client 5s | |
| timeout connect 5s | |
| timeout server 5s | |
| log global | |
| frontend http | |
| bind *:80 | |
| acl url_acme_http01 path_beg /.well-known/acme-challenge/ | |
| http-request use-service lua.acme-http01 if METH_GET url_acme_http01 | |
| redirect scheme https code 301 if !{ ssl_fc } | |
| stats enable | |
| stats hide-version | |
| frontend ft_ssl_vip | |
| option http-server-close | |
| option forceclose | |
| option http-buffer-request | |
| timeout http-request 10s | |
| bind *:443 ssl crt /usr/local/etc/haproxy/certs/ no-sslv3 no-tls-tickets no-tlsv10 no-tlsv11 | |
| use_backend app | |
| rspadd Strict-Transport-Security:\ max-age=15768000 | |
| resolvers docker | |
| nameserver local 127.0.0.1:53 | |
| hold valid 1s | |
| timeout retry 1s | |
| resolve_retries 3 | |
| backend app | |
| server app app:80 check inter 3s rise 1 fall 2 resolvers docker resolve-prefer ipv4 | |
| http-request add-header X-Forwarded-Proto https if { ssl_fc } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment