tofarley
10/16/2018 - 7:17 PM

haproxy.cfg

haproxy.cfg
content_copyfile_download
global
    ca-base /etc/ssl/certs

    log 127.0.0.1 local0
    daemon
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option forwardfor
    option http-server-close

frontend packages
    bind *:80
    default_backend my-backend
    
    # /cloudpassage
    acl p_cloudpassage path_beg /cloudpassage/
    use_backend cloudpassage if p_cloudpassage

backend cloudpassage
    server cloudpassage production.packages.cloudpassage.com:443 ssl ca-file ca-bundle.crt verifyhost production.packages.cloudpassage.com

    # /cloudpassage/cphalo-LATEST-win64.exe ===> https://packages.cloudpassage.com/windows/cphalo-4.2.2-win64.exe
    acl p_cpwin path_beg /cloudpassage/cphalo-LATEST-win
    http-request set-path %[path,regsub(/cloudpassage/cphalo-LATEST,/windows/cphalo-4.2.2)] if p_cpwin

    # /cloudpassage/cloudpassage.packages.key ===> https://packages.cloudpassage.com/cloudpassage.packages.key
    acl p_cpkey path /cloudpassage/cloudpassage.packages.key

    # NOTE(kgriffs): We should avoid proxying repo requests unless for some reason the customer
    #   refuses to open a route to packages.cloudpassage.com:443 in their firewall. That way, we
    #   aren't on the critical path each time someone does a yum update.
    #
    # /cloudpassage/debian/* ===> https://packages.cloudpassage.com/debian/*
    # /cloudpassage/redhat/* ===> https://packages.cloudpassage.com/redhat/*
    acl p_cprepo path_reg /cloudpassage/(debian|redhat)/

    http-request set-path %[path,regsub(/cloudpassage/,/)] if p_cpkey or p_cprepo

backend my-backend
    balance roundrobin
    server app01 127.0.0.1:8080 check
    server app02 127.0.0.1:8080 check