참고
1. 목차
NOTE
•
git ops
root@tps-haproxy:~# cat /etc/haproxy/haproxy.cfg
global
log 127.0.0.1:514 local0 ### 내용 추가
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend okestro-tps
mode http
bind *:80
bind *:443 ssl crt /etc/haproxy/ssl/dev-tps-server.pem
#acl is_test_app hdr(host) -i app.tps.okestro.cld/test/app
acl is_root path /
#http-request redirect scheme https unless { ssl_fc }
#http-request redirect code 301 location https://app.tps.okestro.cld/test/app if is_test_app is_root
option forwardfor
option httplog
option dontlognull
use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/maps/tps-hosts.map,be_default)]
default_backend k8s-backend
# Kuberenetes
backend k8s-backend
option httpclose
option forwardfor
balance roundrobin
server tps-worker1 172.10.40.157:80 check
server tps-worker2 172.10.40.215:80 check
server tps-worker3 172.10.40.58:80 check
server tps-worker4 172.10.40.53:80 check
server tps-worker5 172.10.40.203:80 check
# VM-Instance
backend harbor-backend
option httpclose
option forwardfor
balance roundrobin
server tps-harbor 172.10.40.173:80 check
backend nexus-backend
option httpclose
option forwardfor
balance roundrobin
server tps-nexus 172.10.40.20:8081 check
backend sonarqube-backend
option httpclose
option forwardfor
balance roundrobin
server tps-sonarqube 172.10.40.12:9000 check
backend minio-backend
option httpclose
option forwardfor
balance roundrobin
server tps-storage 172.10.40.13:40643 check
backend jenkins-backend
option httpclose
option forwardfor
balance roundrobin
#IF JENKINS MASTER-1 IS NOT AVAILABLE CHANGE TO MASTER-2
option httpchk GET /login HTTP/1.1\r\nHost:\ jenkins.dev.tps.okestro.cld
server tps-jenkins-master-1 172.10.40.221:8080 check
# Master-Slave 2세트 분리로 인한 주석
#server tps-jenkins-master-2 172.10.40.25:8080 check backup
backend gitlab-backend
option httpclose
option forwardfor
balance roundrobin
server tps-gitlab 172.10.40.227:80 check
backend pdns-backend
option httpclose
option forwardfor
server tps-pdns 172.10.40.187:9999 check
###### PowerDNS API SERVER ######
listen powerdns-api
bind *:8888
mode tcp
server pdnsapi 127.0.0.1:8081
Bash
복사
목차
NOTE
•
•
1. 목차
NOTE
•
•
목차
NOTE
•
•