aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/vvp/charts/vvp-ext-haproxy/resources/config/ext-haproxy-cfg/file
blob: ca7b40a7bccf24538062edc160877ef6f63a69fc (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resolvers dns
    nameserver pod_dns "10.3.0.10:53"
    resolve_retries    3
    timeout retry      1s
    hold valid         30s

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    option httpclose
    option redispatch
    option abortonclose
    option httplog
    option dontlognull
    default-server init-addr last,libc,none

backend gitlab_ssh
    mode tcp
    option tcplog
    timeout server 2h
    server gitlabssh vvp-gitlab:22 resolvers dns

frontend gitlab_ssh_frontend
    mode tcp
    option tcplog
    timeout client 2h
    bind 0.0.0.0:22
    acl is_ssh dst_port 22
    use_backend gitlab_ssh if is_ssh

backend portal_backend
    mode http
    server ice_portal vvp:8181 resolvers dns

backend api
    mode http
    server engagement_manager vvp-em-uwsgi:80 resolvers dns

backend s3
    mode http
    balance roundrobin
    option httpchk HEAD /
    server ceph-01 10.252.0.21:8080 check inter 10000ms

frontend portal
    mode http
    acl is_api_call path_beg -i /vvp
    acl is_s3       hdr_beg(host) s3.  staging-s3.  dev-s3.
    use_backend api if is_api_call
    use_backend s3 if is_s3
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
    default_backend portal_backend

listen stats
    bind 0.0.0.0:9001
    mode http
    stats enable  # Enable stats page
    stats realm Haproxy\ Statistics
    stats uri /haproxy_stats
    stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
    acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
    http-request deny if !network_allowed