sebastian-s2
10/16/2012 - 5:35 PM

HAProxy Configurations

HAProxy Configurations

haproxy.cfg
content_copyfile_download
# References:
#   http://blog.mixu.net/2011/08/13/nginx-websockets-ssl-and-socket-io-deployment/
#

global
    nbproc  1
    maxconn 65536

defaults
    timeout connect 5s
    timeout queue   5s
    timeout server  30s
    timeout tunnel  1h

frontend flash_policy
    bind 0.0.0.0:843
    timeout client 5s
    default_backend nodejs_flashpolicy

frontend wwws
    bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
    mode http
    timeout client 5s
    redirect prefix http://ovee.itvs.org

frontend www
    bind 0.0.0.0:80
    timeout client 1h
    default_backend www_backend

    # Is it a web or flash socket?
    acl is_websocket hdr(Upgrade) -i WebSocket
    use_backend websocket_backend if is_websocket

    tcp-request inspect-delay 500ms
    tcp-request content accept if HTTP
    use_backend flashsocket_backend if !HTTP

backend nodejs_flashpolicy
    server server1 backend:10843 maxconn 8192 check

backend www_backend
    mode http
    stats enable
    stats uri /haproxy
    option forwardfor

    server server1 backend:3000 weight 1 maxconn 8192 check

backend websocket_backend
    mode http
    option forwardfor
    option http-server-close
    option forceclose
    no option httpclose

    server server1 backend:3000 weight 1 maxconn 8192 check

backend flashsocket_backend
    server server1 backend:3000 weight 1 maxconn 8192 check
haproxy-ssl.cfg
content_copyfile_download
# References:
#   http://blog.mixu.net/2011/08/13/nginx-websockets-ssl-and-socket-io-deployment/
#   http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
#

global
    nbproc  2
    maxconn 16384

defaults
    maxconn 16384

    timeout connect 5s
    timeout queue   5s
    timeout server  30s
    timeout tunnel  1h

frontend www
    bind 0.0.0.0:80
    mode http
    timeout client 5s
    redirect scheme https if !{ ssl_fc }

frontend wwws
    bind 0.0.0.0:443 ssl crt /etc/haproxy/ovee.pem
    timeout client 1h
    default_backend www_backend

    acl is_websocket hdr(Upgrade) -i WebSocket
    use_backend websocket_backend if is_websocket

    tcp-request inspect-delay 500ms
    tcp-request content accept if HTTP
    use_backend flashsocket_backend if !HTTP

frontend flash_policy
    bind 0.0.0.0:843
    timeout client 5s
    default_backend nodejs_flashpolicy

backend www_backend
    mode http
    stats enable
    stats uri /haproxy
    option forwardfor
    reqadd x-forwarded-proto:\ https

    server server1 www-backend:3000 weight 1 maxconn 16384 check

backend websocket_backend
    mode http
    option forwardfor
    option http-server-close
    option forceclose
    no option httpclose

    server server1 socket-backend:3000 weight 1 maxconn 16384 check

backend flashsocket_backend
    server server1 socket-backend:3000 weight 1 maxconn 16384 check

backend nodejs_flashpolicy
    server server1 www-backend:10843 maxconn 16384 check