차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

차이 보기로 링크

haproxy_설정_예제 [2018/10/18 22:54] (현재)
koov 만듦
줄 1: 줄 1:
 +====== HAProxy 설정 예제 ======
 +
 +
 +<WRAP prewrap>
 +<code vim haproxy.cfg>​
 +global
 + log /​dev/​log local0
 + log /​dev/​log local1 notice
 + chroot /​var/​lib/​haproxy
 + stats socket /​run/​haproxy/​admin.sock mode 660 level admin
 + stats timeout 30s
 + user haproxy
 + group haproxy
 + daemon
 +
 + # Default SSL material locations
 + ca-base /​etc/​ssl/​certs
 + crt-base /​etc/​ssl/​private
 +
 + # Default ciphers to use on SSL-enabled listening sockets.
 + # For more information,​ see ciphers(1SSL). This list is from:
 + #  https://​hynek.me/​articles/​hardening-your-web-servers-ssl-ciphers/​
 + # An alternative list with additional directives can be obtained from
 + #  https://​mozilla.github.io/​server-side-tls/​ssl-config-generator/?​server=haproxy
 + ssl-default-bind-ciphers ECDH+AESGCM:​DH+AESGCM:​ECDH+AES256:​DH+AES256:​ECDH+AES128:​DH+AES:​RSA+AESGCM:​RSA+AES:​!aNULL:​!MD5:​!DSS
 + ssl-default-bind-options no-sslv3
 +
 +defaults
 + log global
 + mode http
 + option httplog
 + option dontlognull
 +        timeout connect 5000
 +        timeout client ​ 50000
 +        timeout server ​ 50000
 + errorfile 400 /​etc/​haproxy/​errors/​400.http
 + errorfile 403 /​etc/​haproxy/​errors/​403.http
 + errorfile 408 /​etc/​haproxy/​errors/​408.http
 + errorfile 500 /​etc/​haproxy/​errors/​500.http
 + errorfile 502 /​etc/​haproxy/​errors/​502.http
 + errorfile 503 /​etc/​haproxy/​errors/​503.http
 + errorfile 504 /​etc/​haproxy/​errors/​504.http
 +
 +frontend http
 + bind *:80
 +        acl is_home.koov.net hdr(host) -i home.koov.net
 +        acl is_dev.koov.net hdr(host) -i dev.koov.net
 +        acl is_mail.koov.net hdr(host) -i mail.koov.net
 +        acl is_talk.koov.net hdr(host) -i talk.koov.net
 +        acl is_nas.linuxdata.kr ​        ​hdr(host) -i nas.linuxdata.kr
 +
 + # 호스트명이 allthatlinux.com,​ 이나 linuxdata.kr 으로 끝나는 모든 요청
 + acl is_allthatlinux.com hdr_end(host) -i allthatlinux.com
 + acl is_linuxdata.kr hdr_end(host) -i linuxdata.kr
 +
 + # nas 요청중 / 요청을 리다이렉션
 +        #acl is_redirect_nas ​            path -i /
 +        #redirect code 301 location /​webman/​index.cgi if is_redirect_nas is_nas.linuxdata.kr
 +        #redirect code 301 location http://​nas.linuxdata.kr/​webman/​index.cgi if is_redirect_nas
 +        #redirect prefix /​webman/​index.cgi code 301 if is_nas.linuxdata.kr is_redirect_nas
 +
 +        ## figure out which one to use
 +        use_backend backend_home.koov.net if is_home.koov.net
 +        use_backend backend_dev.koov.net if is_dev.koov.net
 +        use_backend backend_mail.koov.net if is_mail.koov.net
 +        use_backend backend_talk.koov.net if is_talk.koov.net
 +        use_backend backend_allthatlinux.com ​   if is_allthatlinux.com or is_linuxdata.kr
 +
 +        default_backend backend_home.koov.net
 +
 +backend backend_home.koov.net
 +        server ​ static ​ 192.168.0.24:​80 ​       check
 +
 +backend backend_dev.koov.net
 +        server ​ static ​ 192.168.0.27:​80 ​       check
 +
 +backend backend_allthatlinux.com
 +        server ​ static ​ 192.168.0.21:​80 ​       check
 +
 +backend backend_talk.koov.net
 +        server ​ static ​ 192.168.0.28:​80 ​       check
 +
 +backend backend_mail.koov.net
 +        server ​ static ​ 192.168.0.19:​80 ​       check
 +
 +### Mysql Connection Forward
 +listen ​ mysql-db1
 +        bind *:3306
 +        mode tcp
 +        #timeout client ​ 10800s
 +        #timeout server ​ 10800s
 +        balance leastconn
 +        #option httpchk
 +        #option allbackups
 +        #​default-server port 9200 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 64 maxqueue 128 weight 100
 +        server mysql1 192.168.0.30:​3306 check  # Destination DB Server
 +
 +</​code>​
 +</​WRAP>​
  
  • haproxy_설정_예제.txt
  • 마지막으로 수정됨: 2018/10/18 22:54
  • 저자 koov