global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend deploy-raft
mode tcp
bind *:7220
default_backend be_d1
backend be_d1
mode tcp
balance roundrobin
server machine2 kuma-inst-02.avp.ru:7220 check
server machine3 kuma-inst-03.avp.ru:7220 check
server machine4 kuma-inst-04.avp.ru:7220 check
global #
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.3 no-tls-tickets
defaults #
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http_front
bind 0.0.0.0:443 ssl crt kuma-inst-01.avp.ru
default_backend be_d1 #name of the default application server group
backend be_d1 #be_d1 is the name of the application server group; used by the frontend section for addressing purposes
balance roundrobin #requests are distributed equally among available application servers
cookie SERVER insert indirect nocache #the insert parameter creates a cookie file upon request; indirect deletes the cookie file upon every incoming request before forwarding it to the application server, #nocache ensures that there is no caching between the client and the balancer
option httpchk #start HTTP check
http-check connect port 7220 #port 7220 is used for the HTTP check
http-check send meth GET #HTTP method GET is used for the check
http-check expect status 200 #a successful HTTP check gets the 200 OK status from the application server
server machine2 kuma-inst-02.avp.ru:7220 inter 4s fall 2 rise 4 ssl verify none #the inter parameter sets the http-check interval to four seconds to exclude the machine
server machine3 kuma-inst-03.avp.ru:7220 inter 4s fall 2 rise 4 ssl verify none #from the rotation, 2 consecutive checks must fail - fall 2, to return, 4 must
server machine4 kuma-inst-04.avp.ru:7220 inter 4s fall 2 rise 4 ssl verify none #complete successfully - rise 4. The authenticity of the server TLS certificate is not verified - ssl #verify none