{{beinhaltet Abweichungen von der Realität}}

[[Server/freebert]] is gone!

== Hardware ==
Virtualisiert durch [[Server/freebert/FreeBSD]]

== Software ==

* FreeBSD Jail Container
* haproxy

== Verwendungszweck ==

* haproxy (high availability) für reverseproxy1/2 - CARP jails
* dev version 1.5 für ssl support

[https://haproxy.hq.c3d2.de/ https://haproxy.hq.c3d2.de]
* [https://web.saugbert.hq.c3d2.de/ saugbert.hq.c3d2.de]
* [https://web.storage.hq.c3d2.de/ storage.hq.c3d2.de]

== haproxy.conf ==

<source lang=bash>
### ### ### C3D2 ### ### ###

global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    maxconn         4096
    user            haproxy
    group           nogroup
    daemon

defaults
    log             global
    mode            http
    option          httplog
    option          dontlognull
    option          forwardfor
    option          http-server-close
    stats           enable
     stats          auth topsecret:topsecret
     stats          uri /haproxyStats
contimeout 5000
clitimeout 50000
srvtimeout 50000

frontend https-in
    bind 217.115.11.138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    bind 2001:4dd0:fb82:c3d2::e:138:443 ssl crt /usr/local/etc/haproxy/haproxy_wildcard.pem
    reqadd X-Forwarded-Proto:\ https
###
acl reverse1 hdr_dom(host) -i web.saugbert.hq.c3d2.de
use_backend srv_reverse1 if reverse1
#
acl reverse2 hdr_dom(host) -i web.storage.hq.c3d2.de
use_backend srv_reverse2 if reverse2
###
    default_backend srv_reverse1

backend srv_reverse1
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    balance roundrobin
    option httpclose
    option forwardfor
    cookie JSESSIONID prefix
    ### CARP // ###
    server reverseproxy 172.22.99.247:81 check
    ### // CARP ###
    # server reverseproxy1 172.22.99.79:80 weight 1 maxconn 1024 check
    # server reverseproxy2 172.22.99.99:80 weight 1 maxconn 1024 check
### // backend srv_reverse1 ###

backend srv_reverse2
    redirect scheme https if !{ ssl_fc }
    # balance leastconn
    balance roundrobin
    option httpclose
    option forwardfor
    cookie JSESSIONID prefix
    ### CARP // ###
    server reverseproxy 172.22.99.247:82 check
    ### // CARP ###
### // backend srv_reverse1 ###

### ### ### C3D2 ### ### ###
# EOF
</source>

== SternenLogBuch ==
* 24.06.2014 - wildcard cert & ipv6 & hdr_dom
* 23.06.2014 - Basis Setup

[[Kategorie:Infrastruktur]]