-
Notifications
You must be signed in to change notification settings - Fork 213
/
Copy pathhaproxy_template.cfg
96 lines (86 loc) · 3.94 KB
/
haproxy_template.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
# ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# Template Customization
frontend http-in
bind *:80
{{ $services := .Services }}
{{ range $index, $app := .Apps }} {{ if hasKey $services $app.Id }} {{ $service := getService $services $app.Id }}
acl {{ $app.EscapedId }}-aclrule {{ $service.Acl}}
use_backend {{ $app.EscapedId }}-cluster if {{ $app.EscapedId }}-aclrule
{{ else }}
# This is the default proxy criteria
acl {{ $app.EscapedId }}-aclrule path_beg -i {{ $app.Id }}
# another possible default using DNS-friendly MesosDnsId:
#acl {{ $app.EscapedId }}-aclrule hdr_dom(host) -i {{ $app.MesosDnsId }}
use_backend {{ $app.EscapedId }}-cluster if {{ $app.EscapedId }}-aclrule
{{ end }} {{ end }}
stats enable
# CHANGE: Your stats credentials
stats auth admin:admin
stats uri /haproxy_stats
{{ range $index, $app := .Apps }} {{ if $app.Env.BAMBOO_TCP_PORT }}
listen {{ $app.EscapedId }}-cluster-tcp :{{ $app.Env.BAMBOO_TCP_PORT }}
mode tcp
option tcplog
balance roundrobin
{{ range $page, $task := .Tasks }}
server {{ $app.EscapedId}}-{{ $task.Host }}-{{ $task.Port }} {{ $task.Host }}:{{ $task.Port }} {{ if $app.HealthCheckPath }} check inter 30000 {{ end }} {{ end }}
{{ end }}
backend {{ $app.EscapedId }}-cluster{{ if $app.HealthCheckPath }}
option httpchk GET {{ $app.HealthCheckPath }}
{{ end }}
balance leastconn
option httpclose
option forwardfor
{{ range $page, $task := .Tasks }}
# {{ if .Ready }} ### Comment in to only put ready tasks into rotation.
server {{ $app.EscapedId}}-{{ $task.Host }}-{{ $task.Port }} {{ $task.Host }}:{{ $task.Port }} {{ if $app.HealthCheckPath }} check inter 30000 {{ end }} {{ if eq $app.HealthCheckProtocol "HTTPS" }} ssl verify none {{ end }} {{ end }}
# {{ end }}{{/* if .Ready */}} ### Comment in to only put ready tasks into rotation.
{{ end }}
##
## map service ports of marathon apps
## ( see https://mesosphere.github.io/marathon/docs/service-discovery-load-balancing.html#ports-assignment ))
## to haproxy frontend port
##
## {{ range $index, $app := .Apps }}
## {{ range $serviceIndex, $servicePort := $app.ServicePorts }}
## listen {{ $app.EscapedId }}_{{ $servicePort }}
## bind *:{{ $servicePort }}
## mode http
## {{ if $app.HealthCheckPath }}
## # option httpchk GET {{ $app.HealthCheckPath }}
## {{ end }}
## balance leastconn
## option forwardfor
## {{ range $page, $task := $app.Tasks }}
## server {{ $app.EscapedId }}-{{ $task.Host }}-{{ index $task.Ports $serviceIndex }} {{ $task.Host }}:{{ index $task.Ports $serviceIndex }} {{ if $app.HealthCheckPath }} check inter 30000 {{ end }} {{ if eq $app.HealthCheckProtocol "HTTPS" }} ssl verify none {{ end }} {{ end }}
## {{ end }}
## {{ end }}