From 19ce27937094bdb2d9ffc6b6d7eadf6e66d29a9c Mon Sep 17 00:00:00 2001 From: mayankg2703 Date: Mon, 5 Feb 2018 07:12:32 +0000 Subject: config seg aai deployment service Change-Id: Ic7572ff99d04af94e9cbab695f0597ae211fb583 Issue-ID: OOM-521 Signed-off-by: mayankg2703 --- .../docker/init/src/config/aai/haproxy/haproxy.cfg | 121 --------------------- 1 file changed, 121 deletions(-) delete mode 100644 kubernetes/config/docker/init/src/config/aai/haproxy/haproxy.cfg (limited to 'kubernetes/config') diff --git a/kubernetes/config/docker/init/src/config/aai/haproxy/haproxy.cfg b/kubernetes/config/docker/init/src/config/aai/haproxy/haproxy.cfg deleted file mode 100644 index d7773270a4..0000000000 --- a/kubernetes/config/docker/init/src/config/aai/haproxy/haproxy.cfg +++ /dev/null @@ -1,121 +0,0 @@ -global - log /dev/log local0 - stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin - stats timeout 30s - user root - group root - daemon - ################################# - # Default SSL material locations# - ################################# - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - - # Default ciphers to use on SSL-enabled listening sockets. - # For more information, see ciphers(1SSL). This list is from: - # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ - # An alternative list with additional directives can be obtained from - # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy - tune.ssl.default-dh-param 2048 - -defaults - log global - mode http - option httplog -# option dontlognull -# errorfile 400 /etc/haproxy/errors/400.http -# errorfile 403 /etc/haproxy/errors/403.http -# errorfile 408 /etc/haproxy/errors/408.http -# errorfile 500 /etc/haproxy/errors/500.http -# errorfile 502 /etc/haproxy/errors/502.http -# errorfile 503 /etc/haproxy/errors/503.http -# errorfile 504 /etc/haproxy/errors/504.http - - option http-server-close - option forwardfor except 127.0.0.1 - retries 6 - option redispatch - maxconn 50000 - timeout connect 50000 - timeout client 480000 - timeout server 480000 - timeout http-keep-alive 30000 - - -frontend IST_8443 - mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem -# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r - log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" - option httplog - log global - option logasap - option forwardfor - capture request header Host len 100 - capture response header Host len 100 - option log-separate-errors - option forwardfor - http-request set-header X-Forwarded-Proto https if { ssl_fc } - http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } - http-request set-header X-AAI-SSL %[ssl_fc] - http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify] - http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn] - http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] - http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn] - http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore] - http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter] - http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64] - http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)] - http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)] - http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] - http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] - http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 - -####################### -#ACLS FOR PORT 8446#### -####################### - - acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ - acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ - acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ - acl is_named-query path_beg -i /aai/search/named-query - acl is_search-model path_beg -i /aai/search/model - use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model - - default_backend IST_Default_8447 - - -####################### -#DEFAULT BACKEND 847### -####################### - -backend IST_Default_8447 - balance roundrobin - http-request set-header X-Forwarded-Port %[src_port] - http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-resources.onap-aai aai-resources.onap-aai:8447 port 8447 ssl verify none - -####################### -# BACKEND 8446######### -####################### - -backend IST_AAI_8446 - balance roundrobin - http-request set-header X-Forwarded-Port %[src_port] - http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-traversal.onap-aai aai-traversal.onap-aai:8446 port 8446 ssl verify none - -listen IST_AAI_STATS - mode http - bind *:8080 - stats uri /stats - stats enable - stats refresh 30s - stats hide-version - stats auth admin:admin - stats show-legends - stats show-desc IST AAI APPLICATION NODES - stats admin if TRUE - -- cgit 1.2.3-korg