infra: add haproxy to as central reverse proxy
- add haproxy to work as central reverse proxy - based on the domain, it can route to either docker or k8s proxy
This commit is contained in:
42
infra/haproxy/haproxy.cfg
Normal file
42
infra/haproxy/haproxy.cfg
Normal file
@@ -0,0 +1,42 @@
|
||||
global
|
||||
log /dev/log local0
|
||||
log 127.0.0.1 local2
|
||||
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
|
||||
stats timeout 30s
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
maxconn 10000
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode tcp
|
||||
option dontlognull
|
||||
timeout connect 5s
|
||||
timeout client 3600s
|
||||
timeout server 3600s
|
||||
|
||||
frontend https-in
|
||||
bind *:443
|
||||
mode tcp
|
||||
option tcplog
|
||||
|
||||
tcp-request inspect-delay 5s
|
||||
tcp-request content accept if { req_ssl_hello_type 1 }
|
||||
|
||||
acl is_docker req_ssl_sni -i -m end .docker.mydomain.com
|
||||
acl is_k8s req_ssl_sni -i -m end .mydomain.com
|
||||
|
||||
# More specific wins → put docker rule first
|
||||
use_backend docker_backend if is_docker
|
||||
use_backend k8s_backend if is_k8s
|
||||
|
||||
default_backend k8s_backend
|
||||
|
||||
backend k8s_backend
|
||||
mode tcp
|
||||
server k8s-ingress 192.168.1.141:443 check inter 10s fall 3 rise 2
|
||||
|
||||
backend docker_backend
|
||||
mode tcp
|
||||
server docker-proxy 192.168.1.135:443 check inter 10s fall 3 rise 2
|
||||
Reference in New Issue
Block a user