Here is what I have currently:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd
listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
#
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:
ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend haproxynode
bind *:80
bind *:443 ssl crt /etc/ssl/new/STAR_qlf_com.pem
redirect scheme https if !{ ssl_fc }
default_backend backendnodes
backend backendnodes
balance source
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
server ws19-1 10.10.0.57:9081 check
server ws19-2 10.10.0.59:9081 check
listen stats
bind :32700
stats enable
stats uri /
stats hide-version
stats auth haproxy:haproxy
Notice the ssl cert specification
You can see I have 2 separate servers and run them on port 9081. For my
web2py servers I just run rocket as a service. And, I have sessions stored
in the database. I used to use redis, but that is no longer working with
web2py (in sessions).
-Jim
On Tuesday, November 26, 2019 at 9:23:24 PM UTC-6, Dave S wrote:
>
>
>
> On Tuesday, November 26, 2019 at 7:01:22 PM UTC-8, Krishna Bavandlapally
> wrote:
>>
>> Thank you, Deve S.
>>
>> Sorry I didn't know that and unpinned it.
>>
>
> 'K
>
> I did a quick search, and perhaps Jim S' post will help:
> <URL:https://groups.google.com/d/msg/web2py/sTGFoVtiY04/t8y-6QssAgAJ>
>
> Ian Ryder also has a site using haproxy, but didn't give the setup details:
> <URL:https://groups.google.com/d/msg/web2py/BryoYJfvZ4k/tC_W05iDAAAJ>
>
> My setup is a single instance, but even if it grows another head, nginx
> might be enough, although I haven't studied the load balancing uses, and
> can't speak to how much of that is in the open source version (even though
> that's what I'm using).
>
> Good luck!
>
> /dps
>
>
>
>
>
> On Wednesday, 27 November 2019 02:56:55 UTC+5:30, Dave S wrote:
>>
>>
>>
>> On Saturday, November 23, 2019 at 5:01:01 AM UTC-8, Krishna Bavandlapally
>> wrote:
>>>
>>> Anyone have a sample haproxy.cfg file for haproxy v 1.8
>>
>>
>>
>> No, sorry. I'm only using nginx.
>>
>> Why is this post pinned? That is supposed to be for long-lived messages,
>> such as from Massimo.
>>
>> /dps
>>
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/c2288a75-fe07-4f40-8d24-7c24c655b62c%40googlegroups.com.
