cardano-apexpool · February 5, 2022 16:29
diff --git a/haproxy.cfg b/haproxy.cfg
 global
    log /dev/log    local0
    log /dev/log    local1 notice
    maxconn 60000
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # For more information, see ciphers(1SSL).
    tune.ssl.default-dh-param   2048
    ssl-default-bind-options    no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-bind-ciphers    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    ssl-default-server-options  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

 defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    option  dontlog-normal
    #option http-no-delay
    #option forwardfor
    #option http-server-close
    #option abortonclose
    retries 3
    option redispatch
    maxconn 60000
    timeout connect 2000
    timeout client  20000
    timeout server  20000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

 ##########################
 # layer 7 load balancing #
 ##########################
 frontend submit-api
    bind *:80
    default_backend http
    option  httplog

 frontend https-in
    bind *:443 ssl crt /etc/haproxy/ssl/cert.pem 
    default_backend http
    option httplog

 backend http
    mode http
    balance first
    option forwardfor
    option httpchk GET / HTTP/1.0
    http-check expect status 404
    server submit-api1 127.0.0.1:8090 check inter 5s fall 3 rise 3
    # server submit-api2 x.y.z.y:8090 check inter 5s fall 3 rise 3
    # ...

 ##########################
 # layer 4 load balancing #
 ##########################
 #listen submit-api
 #    bind                :443
 #    mode                tcp
 #    balance             roundrobin
 #    option              tcplog
 #    maxconn             1024
 #    default-server      fall 3 rise 2 slowstart 60s maxconn 128 maxqueue 512 weight 100
 #    server              submit-api 127.0.0.1:8090 check

 # statistics dashboard
 #listen stats 
 #    bind *:8080 ssl crt /etc/haproxy/ssl/cert.pem
 #    stats enable
 #    stats uri /status
 #    stats hide-version
 #    stats auth user:password
	global
	log /dev/log local0
	log /dev/log local1 notice
	maxconn 60000
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# For more information, see ciphers(1SSL).
	tune.ssl.default-dh-param 2048
	ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
	ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
	ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
	ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	option dontlog-normal
	#option http-no-delay
	#option forwardfor
	#option http-server-close
	#option abortonclose
	retries 3
	option redispatch
	maxconn 60000
	timeout connect 2000
	timeout client 20000
	timeout server 20000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

	##########################
	# layer 7 load balancing #
	##########################
	frontend submit-api
	bind *:80
	default_backend http
	option httplog

	frontend https-in
	bind *:443 ssl crt /etc/haproxy/ssl/cert.pem
	default_backend http
	option httplog

	backend http
	mode http
	balance first
	option forwardfor
	option httpchk GET / HTTP/1.0
	http-check expect status 404
	server submit-api1 127.0.0.1:8090 check inter 5s fall 3 rise 3
	# server submit-api2 x.y.z.y:8090 check inter 5s fall 3 rise 3
	# ...

	##########################
	# layer 4 load balancing #
	##########################
	#listen submit-api
	# bind :443
	# mode tcp
	# balance roundrobin
	# option tcplog
	# maxconn 1024
	# default-server fall 3 rise 2 slowstart 60s maxconn 128 maxqueue 512 weight 100
	# server submit-api 127.0.0.1:8090 check

	# statistics dashboard
	#listen stats
	# bind *:8080 ssl crt /etc/haproxy/ssl/cert.pem
	# stats enable
	# stats uri /status
	# stats hide-version
	# stats auth user:password