import from previous testing

This commit is contained in:
Nick Leffler 2020-10-25 02:08:34 +00:00
commit 39c0fc31d5
7 changed files with 364 additions and 0 deletions

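--- a/cfIps.txt
+++ b/cfIps.txt
@@ -0,0 +1,21 @@
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/12
+172.64.0.0/13
+131.0.72.0/22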
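Review bot: This file carries the same 21 prefixes as cloudflare_ips.lst in this commit, only in a different order, and nothing in the committed haproxy.cfg references it (the `src -f` ACL loads /etc/haproxy/cloudflare_ips.lst). Two copies of an allow-list will drift apart the first time one is refreshed; drop cfIps.txt or make it the single source the config reads.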

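--- a/cloudflare_ips.lst
+++ b/cloudflare_ips.lst
@@ -0,0 +1,21 @@
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/12
+172.64.0.0/13
+131.0.72.0/22
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32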
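Review bot: This is a static snapshot of Cloudflare's published ranges, and the `acl from_cf src -f` check in haproxy.cfg is only as trustworthy as this file is current; a prefix Cloudflare adds later will be treated as non-Cloudflare, and a prefix they retire would keep being trusted for CF-Connecting-IP. Record where the list came from and how it is refreshed (a header comment is not possible in a `-f` map, so put it in the README or the deployment script), and have the refresh reload HAProxy so the ACL picks up the new file.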

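--- a/haproxy.cfg
+++ b/haproxy.cfg
+global
+log /dev/log local0
+log /dev/log local1 notice
+chroot /var/lib/haproxy
+stats timeout 30s
+user haproxy
+group haproxy
+daemon
+defaults
+log global
+# mode tcp
+mode http
+option httplog
+option dontlognull
+timeout connect 5000
+timeout client 50000
+timeout server 50000
+option http-server-close
+#### Main fron end ####
+frontend https_front
+bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
+#### Stats Page ####
+stats uri /haproxy?stats
+stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA
+#### Set correct IP ####
+acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
+acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
+# http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
+http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
+#### WP admin to single server ####
+acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
+use_backend adminServerHTTPS if url_is_wp_admin
+#### Configure Backends ####
+default_backend webserversHTTPS
+#### Main Backend ####
+backend webserversHTTPS
+balance roundrobin
+server web01.nicks.website 10.1.96.4:443 check ssl verify none
+#### Admin server ####
+backend adminServerHTTPS
+balance roundrobin
+server web01.nicks.website 10.1.96.4:443 check ssl verify none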
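Review bot: The `http-request set-header real-ip1 ... if from_cf cf_ip_hdr` rule only overwrites the header for requests arriving from a Cloudflare range, and nothing in `https_front` rejects other sources, so a client that connects straight to `*:443` can supply its own `real-ip1` and the backend will see whatever address it chose. Delete the header unconditionally before setting it, and if the origin is meant to be reachable only through Cloudflare, deny requests that do not match `from_cf` so the list actually gates access rather than just header rewriting. The stats page is also served on the public frontend with a plaintext credential in `stats auth nick:...` that is now in git history; rotate it, keep the secret out of the repo, and restrict `/haproxy?stats` to an operator source ACL or a separate `listen` bound to an internal address. `ssl verify none` on both backends means the TLS hop to 10.1.96.4 is unauthenticated, which is only acceptable if that network segment is trusted; if a proper cert can be installed there, switch to `verify required` with a `ca-file`.

```haproxy
frontend https_front
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
# The origin is only meant to be reached through Cloudflare; drop everything else
http-request deny deny_status 403 unless from_cf
# Never forward a client-supplied real-ip1; it may only be populated from CF-Connecting-IP
http-request del-header real-ip1
http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if cf_ip_hdr
# ... unchanged: wp-admin routing, default_backend, stats (move to an internal listen) ...
```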

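--- a/haproxy.cfg.orig
+++ b/haproxy.cfg.orig
+#---------------------------------------------------------------------
+# Example configuration for a possible web application. See the
+# full configuration options online.
+#
+# https://www.haproxy.org/download/1.8/doc/configuration.txt
+#
+#---------------------------------------------------------------------
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+# to have these messages end up in /var/log/haproxy.log you will
+# need to:
+#
+# 1) configure syslog to accept network log events. This is done
+# by adding the '-r' option to the SYSLOGD_OPTIONS in
+# /etc/sysconfig/syslog
+#
+# 2) configure local2 events to go to the /var/log/haproxy.log
+# file. A line like the following can be added to
+# /etc/sysconfig/syslog
+#
+# local2.* /var/log/haproxy.log
+#
+log 127.0.0.1 local2
+chroot /var/lib/haproxy
+pidfile /var/run/haproxy.pid
+maxconn 4000
+user haproxy
+group haproxy
+daemon
+# turn on stats unix socket
+stats socket /var/lib/haproxy/stats
+# utilize system-wide crypto-policies
+ssl-default-bind-ciphers PROFILE=SYSTEM
+ssl-default-server-ciphers PROFILE=SYSTEM
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+mode http
+log global
+option httplog
+option dontlognull
+option http-server-close
+option forwardfor except 127.0.0.0/8
+option redispatch
+retries 3
+timeout http-request 10s
+timeout queue 1m
+timeout connect 10s
+timeout client 1m
+timeout server 1m
+timeout http-keep-alive 10s
+timeout check 10s
+maxconn 3000
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend main
+bind *:5000
+acl url_static path_beg -i /static /images /javascript /stylesheets
+acl url_static path_end -i .jpg .gif .png .css .js
+use_backend static if url_static
+default_backend app
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+balance roundrobin
+server static 127.0.0.1:4331 check
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+balance roundrobin
+server app1 127.0.0.1:5001 check
+server app2 127.0.0.1:5002 check
+server app3 127.0.0.1:5003 check
+server app4 127.0.0.1:5004 check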

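--- a/haproxy.cfg.orig.1
+++ b/haproxy.cfg.orig.1
+#---------------------------------------------------------------------
+# Example configuration for a possible web application. See the
+# full configuration options online.
+#
+# https://www.haproxy.org/download/1.8/doc/configuration.txt
+#
+#---------------------------------------------------------------------
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+# to have these messages end up in /var/log/haproxy.log you will
+# need to:
+#
+# 1) configure syslog to accept network log events. This is done
+# by adding the '-r' option to the SYSLOGD_OPTIONS in
+# /etc/sysconfig/syslog
+#
+# 2) configure local2 events to go to the /var/log/haproxy.log
+# file. A line like the following can be added to
+# /etc/sysconfig/syslog
+#
+# local2.* /var/log/haproxy.log
+#
+log 127.0.0.1 local2
+chroot /var/lib/haproxy
+pidfile /var/run/haproxy.pid
+maxconn 4000
+user haproxy
+group haproxy
+daemon
+# turn on stats unix socket
+stats socket /var/lib/haproxy/stats
+# utilize system-wide crypto-policies
+ssl-default-bind-ciphers PROFILE=SYSTEM
+ssl-default-server-ciphers PROFILE=SYSTEM
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+mode http
+log global
+option httplog
+option dontlognull
+option http-server-close
+option forwardfor except 127.0.0.0/8
+option redispatch
+retries 3
+timeout http-request 10s
+timeout queue 1m
+timeout connect 10s
+timeout client 1m
+timeout server 1m
+timeout http-keep-alive 10s
+timeout check 10s
+maxconn 3000
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend main
+bind *:5000
+acl url_static path_beg -i /static /images /javascript /stylesheets
+acl url_static path_end -i .jpg .gif .png .css .js
+use_backend static if url_static
+default_backend app
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+balance roundrobin
+server static 127.0.0.1:4331 check
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+balance roundrobin
+server app1 127.0.0.1:5001 check
+server app2 127.0.0.1:5002 check
+server app3 127.0.0.1:5003 check
+server app4 127.0.0.1:5004 check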

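--- a/haproxy.cfg.tcp
+++ b/haproxy.cfg.tcp
+global
+log /dev/log local0
+log /dev/log local1 notice
+chroot /var/lib/haproxy
+stats timeout 30s
+user haproxy
+group haproxy
+daemon
+defaults
+log global
+mode tcp
+# option httplog
+option dontlognull
+timeout connect 5000
+timeout client 50000
+timeout server 50000
+frontend http_front
+bind *:80
+stats uri /haproxy?stats
+stats auth admin:sBbGmTah67npAPvehEmi5q9NwS5GA
+default_backend webserversHTTP
+option http-server-close
+option forwardfor
+frontend https_front
+bind *:443
+# stats uri /haproxy?stats
+# stats auth admin:sBbGmTah67npAPvehEmi5q9NwS5GA
+option forwardfor
+default_backend webserversHTTPS
+option http-server-close
+option forwardfor
+backend webserversHTTP
+balance roundrobin
+server web01.nicks.website 10.1.96.4:80 check
+# server server_name2 private_ip2:80 check
+backend webserversHTTPS
+balance roundrobin
+server web01.nicks.website 10.1.96.4:443 check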
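Review bot: With `mode tcp` inherited from `defaults`, the `stats uri`, `stats auth`, `option forwardfor` and `option http-server-close` lines in both frontends are HTTP-only directives that HAProxy does not apply in TCP mode (it warns and ignores them at startup), so this variant neither serves a stats page nor sets X-Forwarded-For on the way to 10.1.96.4. Either remove them so the file honestly describes a TLS-passthrough setup, or give the frontends `mode http` explicitly. The `stats auth admin:...` line here carries the same plaintext password as haproxy.cfg under a different username, so it is also in git history and has to be rotated alongside it; keeping a commented-out copy of the credential at `# stats auth admin:...` does not help.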

49
ssl/default.pem Normal file

@ -0,0 +1,49 @@
-----BEGIN CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIUKwzWRNhZYN5EqO9fFDlcZ7HNwbowDQYJKoZIhvcNAQEL
BQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMDA4MDIwNDEyMDJaFw0yMTA4MDIw
NDEyMDJaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa
BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDcXdGGpE9lD9TtAYxrpUtOEHQG2zyjpoNarBMm7hoILStM5gqC
zjbqs1xp+YLqWz0WpSFCYZI3XxgQt/2RsJGU5uYGzSP/IP+1cUzh6ezzyeQwVWPB
JjaSIOHWNjBzlFZTBeP3cOj3SJf5xY1IQWRySjNU2GtspextC+QaVJ2rGQaHeyh2
Oj9eXvrn1I4TyZ3UmnJJFlzcEaXlpzMbAcm/OnrVG8x8jybI1UU+j+516qw1d64z
Wy0BqOzbHnmZsTOvTEYBxDdQ1UKJTvy6WmFvEez1Kqt7ZsvIz1zZpYf2hdrmTRjs
YQQEhH0fyGFuERKoMWMl7bri8WnidgFRfSqLAgMBAAGjUzBRMB0GA1UdDgQWBBRz
ZvueynrqkSoNGTmpCuj/aaTV8TAfBgNVHSMEGDAWgBRzZvueynrqkSoNGTmpCuj/
aaTV8TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCXG0gPdDUv
O9atEcu8aOL79jCLnVcJbib7nuBAa+ujka9hLekODzH29mw7uPMczbQtbVaVDd8q
RHC6ku4IEZ+zNIat3q8oKBHdKOxCOgZ6p9G3YeJV9pIlnUkRG1963WIq5cgo9stc
k7AOJgEeiWMxgvwAUQYvQ5DBYGw5xZT+mkz//RGoK+wnEIAn1l+XwtQ0t0Np/fp2
9Qnm+O5BInCTy1V36TMSWwwBuLivswevMX40Am4N7TxntFygHIo+TUW1Y2ZEkaJS
Cqb/nZdoPCsMtWOBwdoxAzLOLJU8xV8jVQvjwydGCx4QJ7SjW1pZFnE2o1hAHO2i
+khEsnkPHuvJ
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
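Review bot: This bundle commits a TLS private key next to its certificate (the key body is redacted in this rendering, but it is in the repository history), so the key must be treated as compromised: generate a new one, and remove this file from history rather than just deleting it in a later commit. Decoding the certificate shows the subject fields OpenSSL fills in by default (C=XX, L=Default City, O=Default Company Ltd) with a CA:TRUE basic-constraints extension and a one-year validity starting 2020-08-02, which looks like a throwaway self-signed cert rather than something issued for the site; since `bind *:443 ssl crt /etc/haproxy/ssl/` in haproxy.cfg loads every file in that directory, this placeholder will be served to any client whose SNI matches nothing else. If a default cert is needed for that directory, keep it out of the repo and document where it is provisioned from.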