Re: share haproxy config for radosgw

Something like this works…

# HAProxy configuration

#------------------
# Global settings
#------------------
global
    log /dev/log    local0
    log /dev/log    local1 notice
    user haproxy
    group haproxy
    chroot  /var/lib/haproxy
    daemon
    stats socket /var/lib/haproxy/stats mode 660 level admin
    maxconn 65536
    spread-checks 4
    tune.ssl.default-dh-param        2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

#------------------
# Common defaults that all the 'listen' and 'backend' sections will
# use if not overridden in their own block
#------------------
defaults
    log global
    mode http
    retries 3
    balance roundrobin
    option              abortonclose
    option              redispatch
    option              dontlognull
    option              log-health-checks
    maxconn 20480
    timeout connect         5s
    timeout client          50s
    timeout server          50s
    timeout http-request    20s
    timeout http-keep-alive 30s
    timeout check           10s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

#------------------
# frontend instances
#------------------
frontend ext-http-in
    bind   10.1.2.10:80 name s3
    bind   10.1.2.10:443 ssl crt certificate.pem name secure-s3
    maxconn 25000
    option              forwardfor if-none
    option              http-server-close
    option              httplog
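    default_backend be_rgw-zone1
    # host_s3 was referenced without being defined, which HAProxy rejects at startup.
    # s3.example.com is a placeholder: substitute the real S3 endpoint name.
    acl host_s3 hdr(host) -i s3.example.com
    use_backend be_rgw-zone1 if host_s3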

#------------------
# backend instances
#------------------
backend be_rgw-zone1
    mode http
    option http-server-close
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server radosgw-vip1 10.1.2.1:80 check
    server radosgw-vip2 10.1.2.2:80 check
    server radosgw-vip3 10.1.2.3:80 check

From: Szabo, Istvan (Agoda) <Istvan.Szabo@xxxxxxxxx>
Date: Sunday, February 7, 2021 at 8:25 PM
To: Marc <Marc@xxxxxxxxxxxxxxxxx>, ceph-users@xxxxxxx <ceph-users@xxxxxxx>
Subject: Re: share haproxy config for radosgw

Let me join this thread; I'd also be interested in HTTPS and beast configuration at the HA+Proxy level. I haven't ever managed to make it work.


-----Original Message-----
From: Marc <Marc@xxxxxxxxxxxxxxxxx>
Sent: Monday, February 8, 2021 5:19 AM
To: ceph-users@xxxxxxx
Subject:  share haproxy config for radosgw


I was wondering if someone could post a config for haproxy. Is there something specific to configure? Like binding clients to a specific backend server, client timeouts, security specific to rgw etc.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
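
The forwarding headers in the posted config can carry client-supplied values: "option forwardfor if-none" keeps an X-Forwarded-For the client sent, and "add-header X-Forwarded-Proto" appends next to whatever arrived (and on port 80 leaves it untouched). The fragment below is an added example, not part of the original message, that overwrites all three headers at the proxy. It assumes HAProxy is the first trusted hop and that the global and defaults sections stay as posted; addresses and names are the ones from the posted config.

```haproxy
# Replaces the 'frontend' and 'backend' sections of the posted file.
# 'mode http', timeouts and error files still come from the posted 'defaults'.

frontend ext-http-in
    bind   10.1.2.10:80 name s3
    bind   10.1.2.10:443 ssl crt certificate.pem name secure-s3
    maxconn 25000
    option              http-server-close
    option              httplog

    # Weak (as posted): a client-supplied X-Forwarded-For is passed through
    #   option forwardfor if-none
    # Corrected: always overwrite with the peer address HAProxy itself saw
    http-request set-header X-Forwarded-For %[src]

    default_backend be_rgw-zone1

backend be_rgw-zone1
    mode http
    option http-server-close
    http-request set-header X-Forwarded-Port %[dst_port]

    # Weak (as posted): appends a second header on 443, does nothing on 80
    #   http-request add-header X-Forwarded-Proto https if { ssl_fc }
    # Corrected: exactly one value, set for both listeners
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }

    server radosgw-vip1 10.1.2.1:80 check
    server radosgw-vip2 10.1.2.2:80 check
    server radosgw-vip3 10.1.2.3:80 check
```

Validate the merged file with "haproxy -c -f <file>" before reloading.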
