Hi, Happy to share my config. This is based on HAProxy Version 1.5-Dev17.
It's by no means perfect, but's working for us at the moment: global # Default Maximum Number of Connections. Used to set ulimit -n maxconn 20000 # Run as a Daemon Service in the Background daemon # Define the Number of Processor Cores - Not Essential #nbproc 2 # Allows Turning Off of Kernel TCP Splicing - Not Essential #nosplice # Logging Setting. Local to Local Syslog and Control from There log 127.0.0.1 daemon log-send-hostname log-tag haproxy # Define a UNIX Socket so that you can Admin the Service interactively stats socket /usr/local/sbin/haproxy-socket level admin defaults # Do Not Log Connections with No Requests option dontlognull # Force Clients to try and Reconnect to an Alternative Server if one is Down option redispatch # Ensure that Streaming HTTP Works Correctly - Vital for Outlook Anywhere option http-no-delay # Enable Continuous Stats for Long Running Connections option contstats # Log All HTTP Date option httplog # Log Request and Responses as Fast as Possible option logasap # Set Logging to the Setting in Global log global # Define the Method of Load Balancing - source = Source IP Hash balance source # Client Inactivity Timeout #timeout client 900s timeout client 3600s # Server Inactivity Timeout #timeout server 900s timeout server 3600s # Maximum Time a Request is Queued on the Load Balancer timeout queue 30s # Other Timeouts - Need Investigating timeout connect 5s timeout http-keep-alive 1s timeout http-request 15s timeout tarpit 1m # Define the Default Server Checking Behaviour - 10 seconds, 3 Missed Checks is Failure, 2 Successful Check Brings Server Back default-server inter 10s fall 3 rise 2 userlist stats-auth # User / Password for Admin Access to Stats Page group stats-admin users admin user admin password [Remvoed] # User / Password for Monitor Access to Stats Page group stats-readonly users monitor user monitor password [Removed] listen stats # Define the Mode mode http # Bind to an IP Address/Port bind 10.2.1.1:8080 # Define ACLs to be Used in the Stats Authentication Process acl AUTH-readonly http_auth_group(stats-auth) stats-readonly acl AUTH-admin http_auth_group(stats-auth) stats-admin acl net-allowed src 10.3.1.8/29 10.4.1.8/29 # Enable Various Stats Features stats enable stats show-desc Load Balancer for Exchange stats uri / stats refresh 10s # Enable Stats Auth stats http-request auth unless AUTH-admin OR AUTH-readonly stats admin if AUTH-admin # Block Access Unless in the Allow Network Range block unless net-allowed frontend ft_exchange # Define the Mode mode http # Define the Maximum Number of Connections for the Frontend maxconn 8000 # Bind to an IP Address/Port, Select SSL and specific the Certificate # The Ciphers option for SSL can be Added: ciphers bind 10.2.1.1:443 ssl crt /etc/ssl/crt.domain.com.pem ciphers TLSv1+SSLv3+HIGH:!aNULL:!eNULL # Define a List of Accepted ACLs for Future use acl all-exchange path_beg -i /autodiscover /owa /oab /ews /public /microsoft-server-activesync /rpc acl root url_len 1 acl autodiscover path_beg -i /autodiscover acl owa path_beg -i /owa acl oab path_beg -i /oab acl ews path_beg -i /ews acl public path_beg -i /public acl activesync path_beg -i /microsoft-server-activesync acl outlook-anywhere path_beg -i /rpc # Block All Request Except Those to Exchange Virtual Directories block unless all-exchange OR root # Redirect is the URL is a Single Character, which can only mean / redirect location /owa if root # Capture the User-Agent Header, so that it is Added to the Log capture request header User-Agent len 50 capture request header Content-Length len 120 capture response header Content-Length len 120 # Define Which Set of Backend Servers to Use default_backend bk_exchange_all backend bk_exchange_all # Define the Mode mode http # Define the Overal Maximum Number of Connections for the Backend fullconn 8000 # Define the Backend Servers server exchange01 10.1.1.1:80 check server exchange02 10.1.1.2:80 check (IP addresses and names have been changed to protect to innocent). Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236709,238474#msg-238474 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
