global
  pidfile {{ configuration['pid-file'] }}
  # master-worker is compatible with foreground with process management
  master-worker

log {{ configuration['log-socket'] }} local0
defaults
{#- Defaults inherited by every frontend and backend below. The backend sections generated #}
{#- later override timeout server, timeout connect and retries with per-slave values. #}
{#- NOTE(review): no timeout http-request is set in the sections visible here, so slow request #}
{#- headers are presumably bounded by timeout client only - confirm that suits these listeners. #}
  log global
  mode http
  option httplog
  timeout queue 60s
  timeout server {{ configuration['request-timeout'] }}s
  timeout client {{ configuration['request-timeout'] }}s
  timeout connect {{ configuration['backend-connect-timeout'] }}s
  retries {{ configuration['backend-connect-retries'] }}
  {#- Allow to start with not resolved yet servers #}
  default-server init-addr last,libc,none

{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_reference, hostname, slave_instance, scheme) %}
{%-   if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{#-     Build the regex that is matched against the Host header with its port removed (host_only). #}
{#-     A hostname starting with '*' loses its first two characters and is anchored at the end only; #}
{#-     any other hostname is anchored at both ends. #}
{#-     NOTE(review): hostname is placed into the regex unescaped, so each '.' matches any character. #}
{#-     Assuming -m reg is an unanchored search, the wildcard form has no left anchor and no leading #}
{#-     dot, so a rule for '*.example.com' (constructed example) also matches 'example.com' and #}
{#-     'notexample.com'. Confirm this is intended and that hostnames are validated before rendering. #}
{%-     if hostname.startswith('*') %}
{%-       set matcher = '' ~ hostname[2:] ~ '$' %}
{%-     else %}
{%-       set matcher = '^' ~ hostname ~ '$' %}
{%-     endif %}
{%-     set acl = '{ req.hdr(host),host_only -m reg ' ~ matcher ~ ' }' %}
{#-     With a failover hostname configured, requests for this host go to the -failover backend #}
{#-     once nbsrv reports zero usable servers in the primary backend; otherwise to the primary. #}
{%-     if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
  acl is_failover_{{ slave_reference }}_{{ scheme }} nbsrv({{ slave_reference }}-{{ scheme }}) eq 0
  use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }} ! is_failover_{{ slave_reference }}_{{ scheme }}
  use_backend {{ slave_reference }}-{{ scheme }}-failover if {{ acl }} is_failover_{{ slave_reference }}_{{ scheme }}
{%-     else %}
  use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }}
{%-     endif %}
{%-   endif %}
{%- endmacro %}

# statistic
{#- Statistics page served at / over TLS on the address in configuration['global-ipv6'], #}
{#- protected by HTTP Basic authentication. #}
frontend statistic
  bind {{ configuration['global-ipv6']}}:{{ configuration['statistic-port'] }} ssl crt {{ configuration['statistic-certificate'] }}
  stats enable
  stats uri /
  stats show-desc {{ configuration['statistic-identification'] }}
{#- stats auth takes the password in clear text, so the rendered configuration file holds the #}
{#- statistic credentials; keep that file readable only by the account running haproxy. #}
{#- NOTE(review): username and password are interpolated as-is - presumably generated without #}
{#- whitespace and without ':' in the username; confirm where they are produced. #}
  stats auth {{ configuration['statistic-username'] }}:{{ configuration['statistic-password'] }}
  stats realm {{ configuration['statistic-identification'] }}
  stats scope http-backend
  stats scope https-backend

frontend http-backend
{#- Clear-text listener on the local IPv4 address; the bind line carries no ssl keyword. #}
{#- NOTE(review): presumably only the co-located frontend process connects here - confirm that #}
{#- configuration['local-ipv4'] is not reachable by other parties, since no authentication is done. #}
  bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
  {#- Add a Via header naming this node (node-id) and its version hash, both on the request #}
  {#- passed to the backend and on the response passed back. #}
  {#- NOTE(review): the response copy discloses node-id and version-hash to whoever receives #}
  {#- the response - confirm that is intended or that the header is removed further up the chain. #}
  http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
  http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
  # setup Date
  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{#- One routing rule per configured hostname, rendered by frontend_entry for the 'http' mapping. #}
{#- haproxy uses the first use_backend whose condition matches, so this descending sort on index #}
{#- and hostname decides which rule wins when several host regexes match the same Host header. #}
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'http') -}}
{%- endfor %}

frontend https-backend
{#- Also a clear-text listener: the bind line carries no ssl keyword. The https in the name refers #}
{#- to the 'https' entry of SCHEME_PREFIX_MAPPING that the routing rules below are rendered with. #}
  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
  http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
  http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
  # setup Date
  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'https') -}}
{%- endfor %}

{%- for slave_reference in sorted(backend_slave_dict) %}
{%-   set slave_instance = backend_slave_dict[slave_reference] %}
{%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%-     set info_dict = slave_instance[prefix] %}
{%-     if info_dict['hostname'] and info_dict['port'] %}
{#-       ssl_list collects the TLS keywords appended to every server line of this backend. #}
{#-       It stays empty when the backend URL scheme is not https, so no TLS keyword is emitted then. #}
{%-       set ssl_list = [] %}
{%-       if info_dict['scheme'] == 'https' %}
{#-         authenticate-to-backend: present the certificate at configuration['certificate'] #}
{#-         to the backend as a TLS client certificate. #}
{%-         if slave_instance['authenticate-to-backend'] %}
{%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%-         endif %}
{#-         'ssl verify' is completed by the next append: 'required ca-file <path>' or 'none'. #}
{%-         do ssl_list.append('ssl verify') %}
{%-         if slave_instance['ssl_proxy_verify'] %}
{#-           Verification requested and a CA file is available: require a backend certificate #}
{#-           that chains to that CA file. #}
{#-           NOTE(review): no verifyhost or sni keyword appears on the server lines of this template, #}
{#-           so haproxy presumably validates the chain only, not that the certificate matches the #}
{#-           backend hostname - confirm against the haproxy version in use. #}
{%-           if slave_instance['path_to_ssl_proxy_ca_crt']  %}
{%-             do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
{%-           else %}
{#-           Backend SSL shall be verified, but not CA provided, disallow connection #}
{#-           Simply dropping hostname from the dict will result with ignoring it... #}
{#-           hostname is re-read from info_dict further down, after this point. #}
{#-           NOTE(review): the condition that emits the server lines also passes when netloc-list #}
{#-           is non-empty, so blanking hostname alone does not suppress them in that case - confirm #}
{#-           netloc-list is empty whenever this branch is taken. #}
{%-           do info_dict.__setitem__('hostname', '') %}
{%-           endif %}
{%-         else %}
{#-           ssl_proxy_verify is false: the server line gets 'ssl verify none', so the connection #}
{#-           to the backend is encrypted but the backend certificate is not validated. #}
{%-           do ssl_list.append('none') %}
{%-         endif %}
{%-       endif %}

backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%-       set hostname = info_dict['hostname'] %}
{%-       set port = info_dict['port'] %}
{%-       set path_list = [info_dict['path'].rstrip('/')] %}
{%-       set query = info_dict['query'] %}
{%-       if query %}
{%-         do path_list.append(query) %}
{%-       endif %}
{%-       set path = '?'.join(path_list) %}
{#-       Timeouts, health checks and server lines are emitted when hostname and port are both set, #}
{#-       or when netloc-list has at least one entry ('and' binds tighter than 'or'). #}
{#-       NOTE(review): when verification is requested without a CA file, hostname is blanked above #}
{#-       and ssl_list ends with a bare 'ssl verify'; a non-empty netloc-list would still reach the #}
{#-       server lines with that incomplete keyword - confirm this combination cannot occur. #}
{%-       if hostname and port or len(info_dict['netloc-list']) > 0 %}
  timeout server {{ slave_instance['request-timeout'] }}s
  timeout connect {{ slave_instance['backend-connect-timeout'] }}s
  retries {{ slave_instance['backend-connect-retries'] }}
{%-         set active_check_list = [] %}
{%-         set active_check_option_list = [] %}
{%-         if slave_instance['health-check'] %}
{%-           do active_check_list.append('check') %}
{%-           do active_check_list.append('inter %ss' % (slave_instance['health-check-interval'])) %}
{%-           do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
{%-           do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
{%-           if slave_instance['health-check-http-method'] != 'CONNECT' %}
{#-             HTTP health-check request line, added only when the method is not CONNECT. #}
{#-             The path is URL-encoded and every '%' is then doubled, presumably so haproxy does #}
{#-             not read the percent-escapes as format directives - confirm. #}
{#-             NOTE(review): method and version are inserted unescaped; this assumes they are #}
{#-             restricted to known values before the template is rendered. #}
{%-             do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
{%-           endif %}
{%-           do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
{%-         endif %}
{#-         A non-empty netloc-list takes precedence over hostname:port: one numbered server line #}
{#-         per entry, each with the same TLS keywords and health-check keywords. #}
{#-         counter is a dict updated through __setitem__ because a plain set inside the loop #}
{#-         would not carry over to the next iteration. #}
{#-         NOTE(review): netloc is written into the server line verbatim - presumably already #}
{#-         validated as an address with port; confirm where the list is produced. #}
{%-         if len(info_dict['netloc-list']) > 0 %}
{%-           set counter = {'count': 1} %}
{%-           for netloc in info_dict['netloc-list'] %}
  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }}-{{ counter['count'] }} {{ netloc }} {{ ' '.join(ssl_list) }} {{ ' ' + ' '.join(active_check_list)}}
{%-             do counter.__setitem__('count', counter['count'] + 1) %}
{%-           endfor %}
{%-         else %}
  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }} {{ ' ' + ' '.join(active_check_list)}}
{%-         endif %}
{%-         for active_check_option in active_check_option_list %}
  {{ active_check_option }}
{%-         endfor %}
{%-         if path %}
  {#- Rewrite the request path to the configured path (joined with the query by '?' when one is #}
  {#- set) followed by the incoming request path. #}
  {#- NOTE(review): the configured value is inserted verbatim in front of the %[path] expression, #}
  {#- without the '%' doubling applied to the health-check path - confirm a '%' or whitespace in #}
  {#- the configured path or query cannot reach this line. #}
  http-request set-path {{ path }}%[path]
{%-         endif %}
{%-       endif %}
{%-     endif %}
{#-     Optional failover backend; the frontend rules send traffic here when the primary backend #}
{#-     of this slave and scheme has no usable server. #}
{%-     if info_dict['health-check-failover-hostname'] and info_dict['health-check-failover-port'] %}
{#-       TLS keywords for the failover server lines; left empty when the failover scheme is not https. #}
{%-       set ssl_list = [] %}
{%-       if info_dict['health-check-failover-scheme'] == 'https' %}
{#-         Present the certificate at configuration['certificate'] to the failover backend as a #}
{#-         TLS client certificate when requested. #}
{%-         if slave_instance['health-check-authenticate-to-failover-backend'] %}
{%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%-         endif %}
{#-         'ssl verify' is completed below with 'required ca-file <path>' or 'none'. #}
{%-         do ssl_list.append('ssl verify') %}
{%-         if slave_instance['health-check-failover-ssl-proxy-verify'] %}
{%-           if slave_instance['path_to_health-check-failover-ssl-proxy-ca-crt']  %}
{#-             NOTE(review): no verifyhost or sni keyword is added, so haproxy presumably checks the #}
{#-             certificate chain only, not the certificate name - confirm. #}
{%-             do ssl_list.append('required ca-file %s' % (slave_instance['path_to_health-check-failover-ssl-proxy-ca-crt'],)) %}
{%-           else %}
{#-           Backend SSL shall be verified, but not CA provided, disallow connection #}
{#-           Simply dropping hostname from the dict will result with ignoring it... #}
{#-           The blanked hostname is re-read below and the server lines require hostname and port, #}
{#-           so this branch leaves the failover backend without server lines. #}
{%-           do info_dict.__setitem__('health-check-failover-hostname', '') %}
{%-           endif %}
{%-         else %}
{#-           Verification disabled: 'ssl verify none', so the failover backend certificate is #}
{#-           not validated. #}
{%-           do ssl_list.append('none') %}
{%-         endif %}
{%-       endif %}

backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
{%-       set hostname = info_dict['health-check-failover-hostname'] %}
{%-       set port = info_dict['health-check-failover-port'] %}
{#-       path is the configured failover path without trailing slashes, joined with the query #}
{#-       by '?' when a query is set. #}
{%-       set path_list = [info_dict['health-check-failover-path'].rstrip('/')] %}
{%-       set query = info_dict['health-check-failover-query'] %}
{%-       if query %}
{%-         do path_list.append(query) %}
{%-       endif %}
{%-       set path = '?'.join(path_list) %}
{%-       if hostname and port %}
{#-         Failover server lines: one numbered line per health-check-netloc-list entry, else a #}
{#-         single hostname:port line. Only the TLS keywords are appended; no health-check keywords #}
{#-         are added to these lines. #}
{#-         NOTE(review): netloc is written verbatim - presumably validated where the list is built. #}
{%-         if len(info_dict['health-check-netloc-list']) > 0 %}
{%-           set counter = {'count': 1} %}
{%-           for netloc in info_dict['health-check-netloc-list'] %}
  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }}-{{ counter['count'] }} {{ netloc }} {{ ' '.join(ssl_list) }}
{%-             do counter.__setitem__('count', counter['count'] + 1) %}
{%-           endfor %}
{%-         else %}
  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ hostname }}:{{ port }} {{ ' '.join(ssl_list) }}
{%-         endif %}
  timeout connect {{ slave_instance['backend-connect-timeout'] }}s
  timeout server {{ slave_instance['request-timeout'] }}s
  retries {{ slave_instance['backend-connect-retries'] }}
{%-         if path %}
  http-request set-path {{ path }}%[path]
{%-         endif %}
{%-       endif %}
{%-     endif %}
{%-   endfor %}
{% endfor %}
{# END OF FILE #}