blob: 9910bed559aa8d367096ec42b5b9884068b7871e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# HAProxy configuration for Baserock Project front-end proxy.
# See <https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7>
# for more documentation than you ever dreamed of.
global
maxconn 4000
daemon
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
log /dev/log local0
stats socket /var/lib/haproxy/stats
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
log global
option httplog
frontend http-in
bind *:80
# The hdr(host) call means 'extract the first Host header from the HTTP request
# or response', the '-m beg' switch means 'match against the beginning of it'
# and the '-i' flag makes the match case-insensitive.
acl host_gerrit hdr(host) -m beg -i gerrit
acl host_mason_x86_32 hdr(host) -m beg -i mason-x86-32
acl host_openid hdr(host) -m beg -i openid
use_backend baserock_gerrit_http if host_gerrit
use_backend baserock_mason_x86_32_http if host_mason_x86_32
use_backend baserock_openid_provider_http if host_openid
frontend ssh-in:
# FIXME: it'd be better if we could limit traffic on port 29418 to
# gerrit.baserock.org. There's no way of knowing from an SSH request
# which subdomain the user tried to connect to, so for now they can
# clone repos from 'ssh://openid.baserock.org:29418' and such like.
# For this reason it's probably worth pointing gerrit.baserock.org to
# a different floating IP that serves only the gerrit instance.
mode tcp
option tcplog
bind *:29418
default_backend baserock_gerrit_ssh
backend baserock_gerrit_http
server baserock_gerrit 192.168.222.69:8080
backend baserock_gerrit_ssh
mode tcp
server baserock_gerrit 192.168.222.69:29418
backend baserock_mason_x86_32_http
server baserock_mason_x86_32 192.168.222.78:80
backend baserock_openid_provider_http
server baserock_openid_provider 192.168.222.67:80
|