haproxy.cfg.j2 3.32 KiB
# Process-wide settings: logging, process count and the TLS defaults that every
# "bind ... ssl" and "server ... ssl" line in this file inherits.
global
  #quiet
  # Raw-format log lines are written to stdout with facility local0.
  log stdout format raw local0
  # NOTE(review): nbproc was removed in HAProxy 2.5 (nbthread replaces it) --
  # confirm the target version. With more than one process, each process keeps
  # its own counters, so a stats page shows only the process that answered.
  nbproc {{ HAPROXY_PROCESSES }}
  # Client-facing suites for TLS 1.2 and older: AEAD only (AES-GCM,
  # ChaCha20-Poly1305), every one with ECDHE or DHE key exchange. TLS 1.3
  # suites are governed by ssl-default-bind-ciphersuites, which is not set here.
  ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  # Refuse SSLv3, TLS 1.0 and TLS 1.1; disable session tickets; let the
  # client's cipher preference order win.
  ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  # Same suite list and protocol floor for connections HAProxy opens to backends.
  # These defaults do not turn on certificate verification; that is decided per
  # "server" line.
  ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  # DH parameters used by the DHE-RSA suites above.
  # NOTE(review): the group size of this file is not visible here -- confirm it
  # is at least 2048 bits.
  ssl-dh-param-file /usr/local/etc/haproxy/dhparam.pem

# Defaults inherited by every "listen" section that follows.
defaults
  # Layer-7 HTTP proxying unless a section overrides it with "mode tcp".
  mode http
  # Per-proxy connection ceiling; several sections repeat the same value.
  maxconn 5000
  # Reuse the log target declared in the global section.
  log global
  # Time allowed to establish a TCP connection to a backend server.
  timeout connect 5s
  # Inactivity timeouts on the client side and the server side.
  timeout client  20s
  timeout server  20s
  # NOTE(review): no "timeout http-request" is set, so only the 20s client
  # inactivity timeout limits how slowly a request may be sent. A total
  # deadline for receiving the request headers would bound slow-request
  # connection exhaustion -- confirm whether that is wanted here.

# Built-in statistics page served at "/" on port 8888, behind HTTP basic auth.
# No "stats admin" rule is present, so the page is read-only.
listen stats
        # NOTE(review): this bind is on every interface and has no "ssl", so the
        # basic-auth header crosses the network in cleartext. Consider binding to
        # a management address, or terminating TLS here as the 9443/9200/10443
        # listeners do.
        bind 0.0.0.0:8888
        stats enable
        # Do not show the HAProxy version on the page.
        stats hide-version
        stats uri     /
        stats realm   HAProxy Statistics
        # The password is rendered into the generated config in cleartext:
        # restrict read access to the rendered file and keep the variable in a
        # secrets store. NOTE(review): a value containing whitespace or "#" would
        # break this line -- confirm how HAPROXY_STATS_PASS is generated.
        stats auth    haproxy:{{ HAPROXY_STATS_PASS }}

# HTTPS front door for the hosts in the 'nificontainers' inventory group:
# TLS is terminated on :9443 and re-established towards each backend on :9443.
listen nifiserv
  # Certificates are loaded from /etc/ssl/haproxy; HTTP/2 and HTTP/1.1 are
  # offered through ALPN.
  bind *:9443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
  mode http
  # Source-address hashing keeps a given client on the same backend.
  balance source
  # TCP keep-alive on both the client and the server side.
  option tcpka
  maxconn 5000
  # NOTE(review): fullconn is only used when servers set "minconn"; none do
  # here, so this is presumably a no-op -- confirm.
  fullconn 5000
  # NOTE(review): "verify none" encrypts the backend hop but does not validate
  # the backend certificate, so the proxy cannot tell a genuine container from
  # anything else answering on that name and port. "verify required" with a
  # "ca-file" for the CA that issued the container certificates would close
  # that gap; the CA path is not part of this template.
{% for backend in groups['nificontainers'] %}
  server {{ backend }} {{ backend }}:9443 ssl check verify none
{% endfor %}

# HTTPS front door for the hosts in the 'odfeescontainers' inventory group:
# TLS is terminated on :9200 and re-established towards each backend on :9200.
listen odfeserv
  # Certificates are loaded from /etc/ssl/haproxy; HTTP/2 and HTTP/1.1 are
  # offered through ALPN.
  bind *:9200 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
  mode http
  # Source-address hashing keeps a given client on the same backend.
  balance source
  # TCP keep-alive on both the client and the server side.
  option tcpka
  maxconn 5000
  fullconn 5000
  # NOTE(review): "verify none" means the backend certificate is never
  # validated; the hop is encrypted but the server is not authenticated.
  # Prefer "verify required" plus a "ca-file" for the issuing CA (path not
  # shown in this template).
{% for backend in groups['odfeescontainers'] %}
  server {{ backend }} {{ backend }}:9200 ssl check verify none
{% endfor %}
	
# HTTPS front door for the hosts in the 'keycloakcontainers' inventory group:
# clients connect on :10443, backends are reached over TLS on :8443.
listen keycloakserv
  # Certificates are loaded from /etc/ssl/haproxy; HTTP/2 and HTTP/1.1 are
  # offered through ALPN.
  bind *:10443 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
  mode http
  # Source-address hashing keeps a given client on the same backend.
  balance source
  # TCP keep-alive on both the client and the server side.
  option tcpka
  maxconn 5000
  fullconn 5000
  # NOTE(review): "verify none" leaves the backend certificate unchecked. The
  # group name suggests an identity provider sits behind this listener, so
  # credentials and tokens would travel over a hop whose server identity is
  # never authenticated -- confirm, and prefer "verify required" with a
  # "ca-file" for the issuing CA (path not shown in this template).
{% for backend in groups['keycloakcontainers'] %}
  server {{ backend }} {{ backend }}:8443 ssl check verify none
{% endfor %}

{# One TCP pass-through listener per port 7750-7759, each forwarding to the
   same port on every host in 'nificontainers'. #}
{% for port in range(7750, 7760) %}
# Raw TCP forwarding: HAProxy neither terminates TLS nor inspects the payload
# on this port. NOTE(review): no source restriction is configured here, so
# access control rests on the network and on the backend -- confirm.
listen nifiservtcp{{ port }}
  bind *:{{ port }}
  mode tcp
  # Source-address hashing keeps a given client on the same backend.
  balance source
  option tcpka
  maxconn 5000
  fullconn 5000
  # Health check: a server is up when a TCP connection to this port succeeds.
  option tcp-check
  tcp-check connect port {{ port }}
{% for backend in groups['nificontainers'] %}
  server {{ backend }} {{ backend }}:{{ port }} check
{% endfor %}

{% endfor %}


# TCP pass-through on port 7771 to the same port on every host in
# 'nificontainers'. HAProxy neither terminates TLS nor inspects the payload.
# NOTE(review): no source restriction is configured here, so access control
# rests on the network and on the backend -- confirm.
listen nifiservtcp7771
  bind *:7771
  mode tcp
  # Source-address hashing keeps a given client on the same backend.
  balance source
  option tcpka
  maxconn 5000
  fullconn 5000
  # Health check: a server is up when a TCP connection to 7771 succeeds.
  option tcp-check
  tcp-check connect port 7771
{% for backend in groups['nificontainers'] %}
  server {{ backend }} {{ backend }}:7771 check
{% endfor %}


{# One HTTP listener per port 5000-5019, each forwarding to the same port on
   every host in 'nificontainers'. #}
{% for listen_port in range(5000, 5020) %}
# NOTE(review): unlike the 9443 listener, neither the bind nor the server
# lines use "ssl", so requests on this port are plaintext on both hops.
# Confirm that nothing sensitive is expected here, or restrict who can reach
# the port.
listen nifiservhttp{{ listen_port }}
  bind *:{{ listen_port }}
  mode http
  # Source-address hashing keeps a given client on the same backend.
  balance source
  option tcpka
  maxconn 5000
  fullconn 5000
{% for backend in groups['nificontainers'] %}
  server {{ backend }} {{ backend }}:{{ listen_port }} check
{% endfor %}

{% endfor %}


{# One TCP pass-through listener per port 6000-6019, each forwarding to the
   same port on every host in 'nificontainers'. #}
{% for listen_port in range(6000, 6020) %}
# Raw TCP forwarding: HAProxy neither terminates TLS nor inspects the payload
# on this port. NOTE(review): no source restriction is configured here, so
# access control rests on the network and on the backend -- confirm.
listen nifiservtcp{{ listen_port }}
  bind *:{{ listen_port }}
  mode tcp
  # Source-address hashing keeps a given client on the same backend.
  balance source
  option tcpka
  maxconn 5000
  fullconn 5000
  # Health check: a server is up when a TCP connection to this port succeeds.
  option tcp-check
  tcp-check connect port {{ listen_port }}
{% for backend in groups['nificontainers'] %}
  server {{ backend }} {{ backend }}:{{ listen_port }} check
{% endfor %}

{% endfor %}