51 lines
1.3 KiB
Plaintext
51 lines
1.3 KiB
Plaintext
global
|
|
log /dev/log local0
|
|
log /dev/log local1 notice
|
|
chroot /var/lib/haproxy
|
|
stats timeout 30s
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
|
|
defaults
|
|
log global
|
|
# mode tcp
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
timeout connect 5000
|
|
timeout client 50000
|
|
timeout server 50000
|
|
option http-server-close
|
|
|
|
#### Main fron end ####
|
|
frontend https_front
|
|
bind *:443 ssl crt /etc/haproxy/ssl/ alpn h2,http/1.1
|
|
|
|
#### Stats Page ####
|
|
stats uri /haproxy?stats
|
|
stats auth nick:sBbGmTah67npAPvehEmi5q9NwS5GA
|
|
|
|
#### Set correct IP ####
|
|
acl from_cf src -f /etc/haproxy/cloudflare_ips.lst
|
|
acl cf_ip_hdr req.hdr(CF-Connecting-IP) -m found
|
|
# http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
|
|
http-request set-header real-ip1 %[req.hdr(CF-Connecting-IP)] if from_cf cf_ip_hdr
|
|
|
|
#### WP admin to single server ####
|
|
acl url_is_wp_admin path_beg /wp-admin /wp-login.php /manage /securein
|
|
use_backend adminServerHTTPS if url_is_wp_admin
|
|
|
|
#### Configure Backends ####
|
|
default_backend webserversHTTPS
|
|
|
|
#### Main Backend ####
|
|
backend webserversHTTPS
|
|
balance roundrobin
|
|
server web01.nicks.website 10.1.96.4:443 check ssl verify none
|
|
|
|
#### Admin server ####
|
|
backend adminServerHTTPS
|
|
balance roundrobin
|
|
server web01.nicks.website 10.1.96.4:443 check ssl verify none
|