global log /dev/log local0 debug log /dev/log local1 debug chroot /var/lib/haproxy stats socket /run/haproxy/admin1.sock mode 666 level admin process 1 stats socket /run/haproxy/admin2.sock mode 666 level admin process 2 stats socket /run/haproxy/admin3.sock mode 666 level admin process 3 stats socket /run/haproxy/admin4.sock mode 666 level admin process 4 stats timeout 30s user haproxy group haproxy daemon nbproc 4 cpu-map 1 0 cpu-map 2 1 cpu-map 3 1 cpu-map 4 0 # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL ssl-default-bind-options no-sslv3 maxconn 10000 defaults log global rate-limit sessions 100000 maxconn 1000000 mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http listen haproxy-stats bind-process 1 bind :8080 stats uri / stats show-node stats refresh 10s stats show-legends no log acl wl_stats src -f /etc/haproxy/wl_stats tcp-request connection reject unless wl_stats listen haproxy-stats2 bind-process 2 bind :8081 stats uri / stats show-node stats refresh 10s stats show-legends no log listen haproxy-stats3 bind-process 3 bind :8082 stats uri / stats show-node stats refresh 10s stats show-legends no log listen haproxy-stats4 bind-process 4 bind :8083 stats uri / stats show-node stats refresh 10s stats show-legends no log frontend frontend_proc1 bind-process 1 bind 0.0.0.0:81 http-request add-header X-rand %[rand(2),map(/etc/haproxy/v-m1-bk,www.foo.com-0)] acl https_traffic ssl_fc default_backend backend_proc1 backend backend_proc1 bind-process 1 default-server inter 1000s option httpchk GET / HTTP/1.1\r\nHost:\ app.foo.com\r\nUser-Agent:\ HAProxy server member1_proc1 10.196.70.109:80 server member2_proc1 10.196.70.109:80 server bck_all_srv1 10.196.70.109:88 weight 100 check fall 2 inter 5s rise 3 frontend frontend_proc2 bind :82 acl bl_frontend src -f /etc/haproxy/bl_frontend tcp-request connection reject if bl_frontend acl catch_static path_beg /static/js/ /static/css/ bind-process 2 default_backend backend_proc2 backend backend_proc2 bind-process 2 default-server inter 1000s option httpchk GET / HTTP/1.1\r\nHost:\ app.foo.com\r\nUser-Agent:\ HAProxy server bck_proc2_srv1_proc2 127.0.0.1:8001 check fall 2 inter 5s rise 3 server bck_proc2_srv2_proc2 127.0.0.1:8002 check fall 2 inter 5s rise 3 server bck_proc2_srv3_proc2 127.0.0.1:8003 check fall 2 inter 5s rise 3 server bck_proc2_srv4_proc2 127.0.0.1:8004 check fall 2 inter 5s rise 3 frontend frontend1_proc34 bind :83 process 3 bind :83 process 4 acl vuvuzela_found req.cook(vuvuzela) -m found acl vuvuzela_0 req.cook(vuvuzela) ver%3A27%3Bvar%3A0 acl vuvuzela_1 req.cook(vuvuzela) ver%3A27%3Bvar%3A1 stick-table type ip size 1m expire 5m store gpc0 default_backend backend1_proc34 backend backend1_proc34 bind-process 3,4 default-server inter 1000s option httpchk GET / HTTP/1.1\r\nHost:\ app.foo.com\r\nUser-Agent:\ HAProxy server bck1_proc34_srv1 10.196.70.109:80 check fall 2 inter 5s rise 3 server bck1_proc34_srv2 10.196.70.109:80 check fall 2 inter 5s rise 3 server bck_all_srv1 10.196.70.109:80 check fall 2 inter 5s rise 3 frontend frontend2_proc34 bind :84 process 3 bind :84 process 4 default_backend backend2_proc34 backend backend2_proc34 bind-process 3,4 default-server inter 1000s option httpchk GET / HTTP/1.1\r\nHost:\ app.foo.com\r\nUser-Agent:\ HAProxy server bck2_proc34_srv1 10.196.70.109:80 server bck2_proc34_srv2 10.196.70.109:80 check weight 100 fall 2 inter 5s rise 3 server bck_all_srv1 10.196.70.109:80