This repository has been archived by the owner on Nov 6, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adding haproxy configuration; working on enabling https - issue #18
Former-commit-id: 7cfc7c25cc4292f08d0ce3362b0672478ad69ce8 [formerly 8937183] Former-commit-id: 261ae5e Former-commit-id: a5be96f
- Loading branch information
Showing
3 changed files
with
141 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
Bag Attributes | ||
friendlyName: ssl.repo | ||
localKeyID: 54 69 6D 65 20 31 33 34 34 37 35 38 38 33 38 35 39 33 | ||
Key Attributes: <No Attributes> | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIICXAIBAAKBgQCX67H7604bPWaBpmfSrQMlQamw/25gGpH9skaKOIv0gHDXzYRY | ||
KRvGusQwHEDpf2IE5PoSPcsbmc7T6fqHsCcUjtE5qTv56i+qTz6FBFoh5VWZjBJG | ||
HRs6VLQ8Jk9Emz73cgod9fUR+xqquGQ59SYce0yrnCIuseytGW3irqYKiwIDAQAB | ||
AoGARvYdCOL8dNTVULH9xPZzha+KJ9boI5PFpY7kTCPlm6tzChpBOzzYcJdElIRd | ||
/bM2gbrC5Epg2N+bMHkWQNMTLVgUISR0pSeqGgCDEdbRVnk8xxRnwdEwQbu+fv95 | ||
PNCmZkVb5Wvlqr4afpYspzsZ1C/aU0cDoVsyLUhO6ql/YsECQQDqmDVNnCo3HgHj | ||
D5bcygwypTbRiUojGyS10Syt1fw2Snbwj7+T0mgAgPcTnDJx3aUTOlT70Hrwv4Th | ||
6bQ84YP5AkEApchYFKjuEgJKPIG8Mk61+S0nrYhL8yiz8aSEiEtJDC7Q4/B+f3rA | ||
bSjVH1oZCw0yhFmhLVuADJy2Qx9EwLHbowJBAN0lZvomgNU8gGLfy0OPZDhJ7odQ | ||
eIbni4+qBAhLdFppj/3uRJbA/jGbYU8nK5aTbo3Vq09GlN5mbInamYHaxWECQDdE | ||
StjYWEV4rfbt6Sd8Rf4Dp66aOXeeoh50kho9vuRo1wqmKgWljnDVo/cHukGM7MJi | ||
fvD4CAAsXjaSPgFfSbECQF7s1WinVNcNiRB2+Lt1XQuZLmadHDR1E7MoVqpUkG7K | ||
TISWmCrQOIakdAwfKJNvt0akKb0BB1450cE6XbqVLUM= | ||
-----END RSA PRIVATE KEY----- | ||
Bag Attributes | ||
friendlyName: CN=Alfresco Repository,OU=Unknown,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB | ||
localKeyID: 54 69 6D 65 20 31 33 34 34 37 35 38 38 33 38 35 39 33 | ||
subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Alfresco Repository | ||
issuer=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA | ||
-----BEGIN CERTIFICATE----- | ||
MIICYDCCAckCCQD/87za5Xu6IjANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJH | ||
QjELMAkGA1UECAwCVUsxEzARBgNVBAcMCk1haWRlbmhlYWQxHzAdBgNVBAoMFkFs | ||
ZnJlc2NvIFNvZnR3YXJlIEx0ZC4xFDASBgNVBAMMC0FsZnJlc2NvIENBMCAXDTEy | ||
MDgxMDE2MjEwMFoYDzIxMTIwNzE3MTYyMTAwWjCBgDELMAkGA1UEBhMCR0IxCzAJ | ||
BgNVBAgTAlVLMRMwEQYDVQQHEwpNYWlkZW5oZWFkMR8wHQYDVQQKExZBbGZyZXNj | ||
byBTb2Z0d2FyZSBMdGQuMRAwDgYDVQQLEwdVbmtub3duMRwwGgYDVQQDExNBbGZy | ||
ZXNjbyBSZXBvc2l0b3J5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCX67H7 | ||
604bPWaBpmfSrQMlQamw/25gGpH9skaKOIv0gHDXzYRYKRvGusQwHEDpf2IE5PoS | ||
Pcsbmc7T6fqHsCcUjtE5qTv56i+qTz6FBFoh5VWZjBJGHRs6VLQ8Jk9Emz73cgod | ||
9fUR+xqquGQ59SYce0yrnCIuseytGW3irqYKiwIDAQABMA0GCSqGSIb3DQEBBQUA | ||
A4GBAGAN0/9mLAmCF6LgYFumyoDYZmzqUGDTvaCyIBC56stSe4Z+WuM0/oaTzwxg | ||
KfksudPBGAbfBKkH0rNQbLhh4YIUxdsgNHojVSUBK5qzd10xykKH/70uHIE2ZZ3u | ||
FnFUvKYPPlOh6doy0bkeZhDgjUK587YT19L/URAGuvd4osgz | ||
-----END CERTIFICATE----- | ||
Bag Attributes | ||
friendlyName: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB | ||
subject=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA | ||
issuer=/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./CN=Alfresco CA | ||
-----BEGIN CERTIFICATE----- | ||
MIICnDCCAgWgAwIBAgIJAILUY/ZsJjzXMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV | ||
BAYTAkdCMQswCQYDVQQIDAJVSzETMBEGA1UEBwwKTWFpZGVuaGVhZDEfMB0GA1UE | ||
CgwWQWxmcmVzY28gU29mdHdhcmUgTHRkLjEUMBIGA1UEAwwLQWxmcmVzY28gQ0Ew | ||
IBcNMTIwODEwMTYxNzM0WhgPMjExMjA3MTcxNjE3MzRaMGYxCzAJBgNVBAYTAkdC | ||
MQswCQYDVQQIDAJVSzETMBEGA1UEBwwKTWFpZGVuaGVhZDEfMB0GA1UECgwWQWxm | ||
cmVzY28gU29mdHdhcmUgTHRkLjEUMBIGA1UEAwwLQWxmcmVzY28gQ0EwgZ8wDQYJ | ||
KoZIhvcNAQEBBQADgY0AMIGJAoGBAOoocnTBBh88zAbSNUb292F4Hgwe/4jqyBnU | ||
I/uj2Js6247Sulcm9IjgbijK1y6ZC+sGeTwBQoJ67/tNS4f/Gibc4SuUnIooFvnP | ||
NbpRnebzWKcUxiK9gApzRtmqAJrgaTOBIBV3P0QB5snD8Uc5ZwhCgf3joXtn73Kj | ||
yZFgJXnXAgMBAAGjUDBOMB0GA1UdDgQWBBQDGp8/OEY7gLx9BhR/2wiMheoV2TAf | ||
BgNVHSMEGDAWgBQDGp8/OEY7gLx9BhR/2wiMheoV2TAMBgNVHRMEBTADAQH/MA0G | ||
CSqGSIb3DQEBBQUAA4GBAKKwXcAeLn+viE+iXTIN1SHxRBDJ4+zW2N7ClheJ1om3 | ||
ONNWBo3HlDZFYoL3kjm5UC25KF0/wxEBg6Fb6On+j7AqgXXsYbLTqrtJP57qLTja | ||
gyoEHBezH1+ZLVOqZ+934/5yO7qNdH/6cu38VCtGbQfrqfwxgCJ5L5OpK2U3sVrk | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,80 @@ | ||
global | ||
daemon | ||
maxconn 256 | ||
pidfile /var/run/haproxy.pid | ||
log 127.0.0.1 local2 info | ||
stats socket /var/run/haproxy.stat mode 600 level admin | ||
daemon | ||
maxconn 256 | ||
|
||
defaults | ||
mode http | ||
timeout connect 5000ms | ||
timeout client 50000ms | ||
timeout server 50000ms | ||
|
||
frontend http-in | ||
bind *:80 | ||
default_backend static | ||
|
||
backend static | ||
mode http | ||
balance roundrobin | ||
server share1 share1.alfresco-share.demo.acme.com:8080 maxconn 32 | ||
server share2 share2.alfresco-share.demo.acme.com:8080 maxconn 32 | ||
mode http | ||
log global | ||
|
||
timeout http-request 10s | ||
timeout queue 1m | ||
timeout connect 5s | ||
timeout client 2m | ||
timeout server 2m | ||
timeout http-keep-alive 10s | ||
timeout check 5s | ||
retries 3 | ||
|
||
option httplog | ||
option dontlognull | ||
option forwardfor | ||
option http-server-close | ||
option redispatch | ||
option tcp-smart-accept | ||
option tcp-smart-connect | ||
|
||
compression algo gzip | ||
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint | ||
|
||
# Front end for http to https redirect | ||
frontend http | ||
bind *:80 | ||
# redirect location https://lb.haproxy.demo.acme.com/share/ | ||
default_backend share | ||
|
||
# Main front end for all services | ||
# frontend https | ||
# bind *:443 ssl crt /haproxy-override/browser.pem | ||
# capture request header X-Forwarded-For len 64 | ||
# capture request header User-agent len 256 | ||
# capture request header Cookie len 64 | ||
# capture request header Accept-Language len 64 | ||
|
||
# ACL for backend mapping based on url paths | ||
acl robots path_reg ^/robots.txt$ | ||
acl alfresco_path path_reg ^/alfresco/.* | ||
acl share_path path_reg ^/share/.*/proxy/alfresco/api/solr/.* | ||
acl share_redirect path_reg ^$|^/$ | ||
|
||
# Changes to header responses | ||
rspadd Strict-Transport-Security:\ max-age=15768000 | ||
|
||
backend share | ||
stats enable | ||
stats hide-version | ||
stats auth <user>:<password> | ||
stats uri /monitor | ||
stats refresh 2s | ||
|
||
mode http | ||
|
||
option httpchk GET /share | ||
balance leastconn | ||
cookie JSESSIONID prefix | ||
server share1 share1.alfresco-share.demo.acme.com:8080 cookie share1 check inter 5000 | ||
server share2 share2.alfresco-share.demo.acme.com:8080 cookie share2 check inter 5000 | ||
|
||
#backend webdav | ||
# option httpchk GET /alfresco | ||
# reqrep ^([^\ ]*)\ /(.*) \1\ /alfresco/webdav/\2 | ||
# server share1 share1.alfresco-share.demo.acme.com:8080 check inter 5000 | ||
# server share2 share2.alfresco-share.demo.acme.com:8080 check inter 5000 | ||
|
||
#backend sharepoint | ||
# balance url_param VTISESSIONID check_post | ||
# cookie VTISESSIONID prefix | ||
# server tomcat1 server1:7070 cookie share1 check inter 5000 | ||
# server tomcat2 server2:7070 cookie share2 check inter 5000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters