-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhaproxy.ctmpl
80 lines (74 loc) · 3.38 KB
/
haproxy.ctmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
global
chroot /var/lib/haproxy
daemon
group haproxy
log <%= @ipaddress %> local0
tune.ssl.default-dh-param 2048
maxconn 4096
pidfile /var/run/haproxy.pid
stats socket /var/lib/haproxy/stats
user haproxy
defaults
log global
maxconn 8000
option redispatch
retries 3
stats enable
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
frontend default-cert
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/wildcard.bundle.pem
mode http
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
reqadd X-Proto:\ https if { ssl_fc }
redirect scheme https code 301 if !{ ssl_fc }
{{range $i,$a:=services}}{{$path:=.Name}}{{range .Tags}}{{if eq . "proxy"}}
acl app{{$i}} hdr(host) -i {{$path}}.<%= @target_domain %>{{end}}{{end}}{{end}}
{{- range ls "service/manual-haproxy"}}
acl custom_{{.Key}} hdr(host) -i {{.Key}}{{end}}
{{range $i,$a:=services}}{{range .Tags}}{{if eq . "proxy"}}
use_backend srvs_app{{$i}} if app{{$i}}{{end}}{{end}}{{end}}
{{- range ls "service/manual-haproxy"}}
use_backend srvs_custom_{{.Key}} if custom_{{.Key}}{{end}}
{{- range $i,$a:=services}}{{$path:=.Name}}{{range .Tags}}{{if eq . "proxy"}}
{{- $keyPath := printf "service/%s/balance_addport" $path}}{{ $cPort:=(keyOrDefault $keyPath "") }}{{ if ne $cPort "" }}
frontend {{$cPort}}
bind *:{{$cPort}} ssl crt /etc/haproxy/certs/wildcard.bundle.pem
mode http
acl app{{$i}}_{{$cPort}} hdr(host) -i {{$path}}.<%= @target_domain %>:{{$cPort}}
use_backend srvs_app{{$i}}_{{$cPort}} if app{{$i}}_{{$cPort}}{{end}}{{end}}{{end}}{{end}}
{{- range $i,$a:=services}}{{$path:=.Name}}{{range .Tags}}{{if eq . "proxy"}}
backend srvs_app{{$i}}
mode http
{{- $keyPath := printf "service/%s/balance_type" $path}}
{{- $optionPath := printf "service/%s/balance_addcustomoptions" $path}}
{{- $hostOptionPath := printf "service/%s/balance_addhostoptions" $path}}
balance {{ keyOrDefault $keyPath "roundrobin" }}{{ if eq (keyOrDefault $keyPath "nope") "source" }}
hash-type consistent{{ end }}
option forwardfor{{ if ne (keyOrDefault $optionPath "") "" }}
{{ keyOrDefault $optionPath "" }}{{end}}
{{- $serviceName := printf "proxy.%s" $path}}{{ range $c,$d:=service $serviceName}}
server host{{$c}} {{.Address}}:{{.Port}} {{ if ne (keyOrDefault $hostOptionPath "") "" }}
{{- keyOrDefault $hostOptionPath "" }}{{end}}{{end}}{{end}}{{end}}{{end}}
{{- range ls "service/manual-haproxy"}}
backend srvs_custom_{{.Key}}
{{.Value}}{{end}}
{{- range $i,$a:=services}}{{$path:=.Name}}{{range .Tags}}{{if eq . "proxy"}}
{{- $keyPath := printf "service/%s/balance_addport" $path}}{{ $cPort:=(keyOrDefault $keyPath "") }}{{ if ne $cPort "" }}
backend srvs_app{{$i}}_{{$cPort}}
mode http
{{- $keyPath := printf "service/%s/balance_type" $path}}
{{- $optionPath := printf "service/%s/balance_addcustomoptions" $path}}
{{- $hostOptionPath := printf "service/%s/balance_addhostoptions" $path}}
balance {{ keyOrDefault $keyPath "roundrobin" }}{{ if eq (keyOrDefault $keyPath "nope") "source" }}
hash-type consistent{{ end }}
option forwardfor{{ if ne (keyOrDefault $optionPath "") "" }}
{{ keyOrDefault $optionPath "" }}{{end}}
{{- range $c,$d:=service $a.Name}}
server host{{$c}} {{.Address}}:{{$cPort}} {{ if ne (keyOrDefault $hostOptionPath "") "" }}
{{- keyOrDefault $hostOptionPath "" }}{{end}}{{end}}{{end}}{{end}}{{end}}{{end}}