From 1aafc6c72398c8992c9e487d6c20df45d77ee97e Mon Sep 17 00:00:00 2001
From: zeus
Date: Thu, 9 Dec 2021 19:50:02 +0200
Subject: [PATCH] haproxy
---
 install/usr/share/swarmlab.io/sec/haproxy.cfg | 102 ++++++++++++++++++
 .../usr/share/swarmlab.io/sec/swarmlab-sec | 2 +
 2 files changed, 104 insertions(+)
 create mode 100644 install/usr/share/swarmlab.io/sec/haproxy.cfg
diff --git a/install/usr/share/swarmlab.io/sec/haproxy.cfg b/install/usr/share/swarmlab.io/sec/haproxy.cfg
new file mode 100644
index 0000000..a1a0aae
--- /dev/null
+++ b/install/usr/share/swarmlab.io/sec/haproxy.cfg
@@ -0,0 +1,102 @@
+#---------------------------------------------------------------------
+# Example configuration for a possible web application. See the
+# full configuration options online.
+#
+# https://www.haproxy.org/download/2.6/doc/configuration.txt
+# https://cbonte.github.io/haproxy-dconv/2.6/configuration.html
+#
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+ # to have these messages end up in /var/log/haproxy.log you will
+ # need to:
+ #
+ # 1) configure syslog to accept network log events. This is done
+ # by adding the '-r' option to the SYSLOGD_OPTIONS in
+ # /etc/sysconfig/syslog
+ #
+ # 2) configure local2 events to go to the /var/log/haproxy.log
+ # file. A line like the following can be added to
+ # /etc/sysconfig/syslog
+ #
+ # local2.* /var/log/haproxy.log
+ #
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user haproxy
+ group haproxy
+ # daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+#---------------------------------------------------------------------
+# example how to define user and enable Data Plane API on tcp/5555
+# more information: https://github.com/haproxytech/dataplaneapi and
+# https://www.haproxy.com/documentation/hapee/2-0r1/configuration/dataplaneapi/
+#---------------------------------------------------------------------
+# userlist haproxy-dataplaneapi
+# user admin insecure-password mypassword
+#
+# program api
+# command /usr/bin/dataplaneapi --host 0.0.0.0 --port 5555 --haproxy-bin /usr/sbin/haproxy --config-file /etc/haproxy/haproxy.cfg --reload-cmd "kill -SIGUSR2 1" --restart-cmd "kill -SIGUSR2 1" --reload-delay 5 --userlist hapee-dataplaneapi
+# no option start-on-reload
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend main
+ bind *:80
+ # bind *:443 ssl # To be completed ....
+
+ acl url_static path_beg -i /static /images /javascript /stylesheets
+ acl url_static path_end -i .jpg .gif .png .css .js
+
+ use_backend static if url_static
+ default_backend app
+
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+ balance roundrobin
+ server static1 127.0.0.1:4331 check
+ server static2 127.0.0.1:4332 check
+
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+ balance roundrobin
+ server app1 127.0.0.1:5001 check
+ server app2 127.0.0.1:5002 check
+ server app3 127.0.0.1:5003 check
+ server app4 127.0.0.1:5004 check
diff --git a/install/usr/share/swarmlab.io/sec/swarmlab-sec b/install/usr/share/swarmlab.io/sec/swarmlab-sec
index bc302ba..4013f93 100755
--- a/install/usr/share/swarmlab.io/sec/swarmlab-sec
+++ b/install/usr/share/swarmlab.io/sec/swarmlab-sec
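Review bot: In the `global` section, `log 127.0.0.1 local2` sends every log record to a syslog listener on loopback, and since the swarmlab-sec change in this commit bind-mounts this file into a container, there is probably no syslog daemon there and the `option httplog` request records would be dropped. If so, `log stdout format raw local0` keeps the request trail in the container's own log stream. The `stats socket /var/lib/haproxy/stats` line also sets neither permissions nor a level; `stats socket /var/lib/haproxy/stats mode 600 level operator` would make the restriction explicit. The commented Data Plane API example should stay commented while it carries `insecure-password mypassword` and `--host 0.0.0.0`, and its `userlist haproxy-dataplaneapi` does not match the `--userlist hapee-dataplaneapi` argument.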
@@ -264,6 +264,7 @@ fi
 /bin/cp -f $DIR/$hostnames_get $Wdir/$hostnames_get
 /bin/cp -f $DIR/ROOT_PASSWORD $Wdir/ROOT_PASSWORD
 /bin/cp -rf $DIR/.vimrc $Wdir/.vimrc
+/bin/cp -rf $DIR/haproxy.cfg $Wdir/haproxy.cfg
 /bin/cp -rf $DIR/install-vim-plugin.sh $Wdir/install-vim-plugin.sh
@@ -291,6 +292,7 @@ services:
 volumes:
 - $Wdir/project:/home/docker/project
 - $Wdir/$bootstrap:/usr/bin/$bootstrap
+ - $Wdir/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
 # workerservice:
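Review bot: The added `/bin/cp -rf $DIR/haproxy.cfg $Wdir/haproxy.cfg` leaves both paths unquoted and its exit status unchecked, and `-r` has no effect on a single regular file. If the copy fails, the compose volume added in the next hunk points at a host path that does not exist, and Docker typically creates a directory there instead of reporting an error, so the container would not receive this configuration. Something like `/bin/cp -f "$DIR/haproxy.cfg" "$Wdir/haproxy.cfg" || exit 1` would fail early, assuming the script is not already running under `set -e`. The neighbouring `cp` lines follow the same unquoted pattern, and the rest of the script is outside the hunk.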
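Review bot: The new volume entry `- $Wdir/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg` mounts the host file read-write, so any process in the container can rewrite the proxy configuration kept in the host working directory. The proxy only needs to read the file, so `- $Wdir/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro` is sufficient. The service definition this `volumes:` list belongs to starts before the hunk, so which service receives the file cannot be confirmed from the visible lines.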