10/16/2018 - 7:17 PM


    ca-base /etc/ssl/certs

    log local0
    maxconn 256

    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option forwardfor
    option http-server-close

frontend packages
    bind *:80
    default_backend my-backend
    # /cloudpassage
    acl p_cloudpassage path_beg /cloudpassage/
    use_backend cloudpassage if p_cloudpassage

backend cloudpassage
    server cloudpassage ssl ca-file ca-bundle.crt verifyhost

    # /cloudpassage/cphalo-LATEST-win64.exe ===>
    acl p_cpwin path_beg /cloudpassage/cphalo-LATEST-win
    http-request set-path %[path,regsub(/cloudpassage/cphalo-LATEST,/windows/cphalo-4.2.2)] if p_cpwin

    # /cloudpassage/cloudpassage.packages.key ===>
    acl p_cpkey path /cloudpassage/cloudpassage.packages.key

    # NOTE(kgriffs): We should avoid proxying repo requests unless for some reason the customer
    #   refuses to open a route to in their firewall. That way, we
    #   aren't on the critical path each time someone does a yum update.
    # /cloudpassage/debian/* ===>*
    # /cloudpassage/redhat/* ===>*
    acl p_cprepo path_reg /cloudpassage/(debian|redhat)/

    http-request set-path %[path,regsub(/cloudpassage/,/)] if p_cpkey or p_cprepo

backend my-backend
    balance roundrobin
    server app01 check
    server app02 check