53 lines
1.7 KiB
INI
53 lines
1.7 KiB
INI
global
|
|
default-path config
|
|
#zero-warning
|
|
maxconn 20000
|
|
log 127.0.0.1 local0
|
|
user haproxy
|
|
#pidfile /run/haproxy.pid
|
|
hard-stop-after 5m
|
|
daemon
|
|
user haproxy
|
|
group haproxy
|
|
|
|
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
|
|
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
|
|
|
# default settings common to all HTTP proxies below
|
|
defaults
|
|
mode http
|
|
log global
|
|
timeout client 1m
|
|
timeout server 1m
|
|
timeout connect 10s
|
|
timeout http-keep-alive 2m
|
|
timeout queue 15s
|
|
timeout tunnel 4h # for websocket
|
|
|
|
frontend external
|
|
bind :443 name secure ssl crt /etc/haproxy/cert.pem
|
|
|
|
.if feature(QUIC)
|
|
bind quic4@:443 name quic ssl crt /etc/haproxy/cert.pem
|
|
http-response add-header alt-svc 'h3=":443"; ma=90000'
|
|
.endif
|
|
|
|
http-request redirect scheme https code 308 unless { ssl_fc }
|
|
http-request del-header x-forwarded-for
|
|
option forwardfor
|
|
option httplog
|
|
|
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
|
|
|
# enable HTTP compression of text contents
|
|
compression algo deflate gzip
|
|
compression type text/ application/javascript application/xhtml+xml image/x-icon
|
|
|
|
default_backend domserver
|
|
|
|
backend domserver
|
|
balance leastconn
|
|
option abortonclose
|
|
server gitea1 127.0.0.1:8080 maxconn 100 check inter 1s
|