[[Kategorie:Infrastruktur]]
== Hardware Info ==
Virtualisiert durch [[intern:Freebert]]
== Software Info ==
FreeBSD Jail Container
* haproxy
== Verwendungszweck ==
* haproxy (high availability) für reverseproxy1/2 - CARP jails
* dev version 1.5 für ssl support
[https://haproxy.hq.c3d2.de/ https://haproxy.hq.c3d2.de]
* [https://web.saugbert.hq.c3d2.de/ saugbert.hq.c3d2.de]
* [https://web.storage.hq.c3d2.de/ storage.hq.c3d2.de]
== haproxy.conf ==
<source lang=bash>
### ### ### C3D2 ### ### ###
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
# Worker runs as the unprivileged "haproxy" account after start-up.
# NOTE(review): no "chroot" appears in this global section; the FreeBSD jail
# is the only confinement this page shows.
user haproxy
group nogroup
daemon
defaults
log global
mode http
option httplog
option dontlognull
# Appends the client address as an X-Forwarded-For header. A value the client
# already sent is kept, so the servers behind this proxy should trust only the
# last entry, i.e. the one haproxy added.
option forwardfor
option http-server-close
# NOTE(review): statistics are switched on in "defaults", so every proxy that
# inherits these defaults answers the stats URI. As far as this listing shows,
# that makes the page reachable through the public https-in bind addresses; a
# dedicated listener on an internal address would keep it off that port.
stats enable
# NOTE(review): HTTP Basic credentials for the stats page, stored in clear
# text. On a wiki page this must remain a placeholder: the live value has to
# differ from it and be long and random. A "userlist" section can hold a
# hashed password instead of a plain one.
stats auth topsecret:topsecret
stats uri /haproxyStats
# contimeout / clitimeout / srvtimeout are the deprecated spellings of
# "timeout connect", "timeout client" and "timeout server" (values in ms).
# NOTE(review): no "timeout http-request" is set, so a client that trickles
# its request headers is limited only by the inactivity timeout.
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend https-in
# TLS is terminated on this bind (and on the IPv6 bind that follows). The .pem
# named by "crt" is expected to hold the private key together with the
# certificate, so it should be readable by root only.
# NOTE(review): no protocol or cipher restriction (e.g. "no-sslv3",
# "ciphers ...") is given on the bind lines, so the defaults of the OpenSSL
# build apply. A wildcard key also covers every host under the domain if it
# leaks.
bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
reqadd X-Forwarded-Proto:\ https
###
# NOTE(review): hdr_dom() matches when the pattern appears as a dot-delimited
# part of the Host header, so a longer host name that merely contains
# "web.saugbert.hq.c3d2.de" also selects this backend. hdr(host) compares the
# whole value (a Host carrying an explicit port then needs its own pattern).
# The reverse2 ACL uses the same matcher.
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
# Requests whose Host matches neither ACL, including unknown or missing Host
# values, fall through to srv_reverse1.
default_backend srv_reverse1
backend srv_reverse1
# ssl_fc is true for connections accepted on an "ssl" bind. The only frontend
# in this listing binds with ssl, so this redirect is a safeguard that does
# not fire unless a plain-HTTP frontend is added later. srv_reverse2 carries
# the same rule.
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
# NOTE(review): "prefix" mode pins a session by prefixing the application's
# JSESSIONID with the server's cookie value, but the server line in this
# backend sets no "cookie" value, so as shown no persistence results.
cookie JSESSIONID prefix
### CARP // ###
# The hop to 172.22.99.247 (presumably the shared CARP address of
# reverseproxy1/2) is plain HTTP: TLS ends at haproxy, so this segment relies
# on the internal network being trusted. "check" enables health checks; with
# no "option httpchk" set they are TCP connect checks only.
server reverseproxy 172.22.99.247:81 check
### // CARP ###
# server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
# server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###
backend srv_reverse2
redirect scheme https if !{ ssl_fc }
# balance leastconn
balance roundrobin
option httpclose
option forwardfor
cookie JSESSIONID prefix
### CARP // ###
server reverseproxy 172.22.99.247:82 check
### // CARP ###
### // backend srv_reverse2 ###
### ### ### C3D2 ### ### ###
# EOF
</source>
== SternenLogBuch ==
* 24.06.2014 - wildcard cert & ipv6 & hdr_dom
* 23.06.2014 - Basis Setup