Configurador básico:
$ mkdir haproxy
$ vi haproxy/haproxy.cfg
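# Process-wide settings: logging, privilege drop, runtime API socket and TLS defaults.
global
# Log to file descriptor 2 (stderr) using syslog facility local2.
log fd@2 local2
# NOTE(review): chroot, pidfile, user/group and daemon assume a classic host install;
# this file is later mounted into a container, so confirm the image provides
# /var/lib/haproxy and the haproxy user, and that it still runs in the foreground.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
# Runtime API socket. "level admin" allows state-changing commands, so access is
# limited to the socket's owner and group by "mode 660".
stats socket /var/lib/haproxy/stats mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Adjust as needed. The original inline "<- ..." note was not a comment and would be
# parsed as extra arguments to maxconn.
maxconn 4096
tune.ssl.default-dh-param 4096
# Multi-process tuning, left disabled.
#nbproc 4
#cpu-map 1 0
#cpu-map 2 1
#cpu-map 3 2
#cpu-map 4 3
#stats bind-process 4
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
# NOTE(review): the list still admits non-forward-secret RSA key exchange (RSA+AESGCM, RSA+AES);
# confirm that legacy clients really need it.
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
# "no-sslv3" only ruled out SSLv3; state the protocol floor explicitly so TLS 1.0/1.1
# are refused regardless of the build's default.
ssl-default-bind-options ssl-min-ver TLSv1.2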
# Defaults inherited by the frontend and backends declared after this section.
defaults
# Reuse the log target declared in the global section.
log global
mode http
# Detailed HTTP log format.
option httplog
#option dontlognull
# Normal, successful requests are not logged; only errors leave a trace.
# NOTE(review): presumably this also hides successful logins to the stats page;
# confirm that is acceptable for auditing and incident response.
option dontlog-normal
timeout connect 10s
timeout client 30s
timeout server 30s
# Appends an X-Forwarded-For header with the client address. A value already sent by
# the client is not removed, so the backend should trust only the last entry.
option forwardfor
# NOTE(review): http-server-close and httpclose are both set; presumably only one
# connection mode is intended. Confirm which.
option http-server-close
option redispatch
option httpclose
# NOTE(review): persist and redispatch pull in opposite directions when a server is
# down; confirm the intended behaviour.
option persist
# Cookie-based persistence. No "secure" or "httponly" attribute is set, and the server
# line shown in backend PRTN carries no cookie value. Verify this directive is needed.
cookie SERVERID insert indirect nocache
# Public entry point: routes requests to a backend by path or Host header.
frontend HTTP
# Plain HTTP on every interface; no TLS listener is declared in this file.
bind *:80
# Requests whose path is /stats (case-insensitive) go to the statistics backend.
# NOTE(review): this exposes the stats page to every client that can reach port 80,
# with no source-address restriction in front of it.
use_backend stat if { path -i /stats }
# Match on the Host header (case-insensitive).
acl PRTN hdr(host) -i portainerha.domain.com.br
use_backend PRTN if PRTN
# No default_backend is declared, so requests matching neither rule have no backend.
# Backend for the host matched by the PRTN acl in the frontend.
backend PRTN
# <IP_SERVER> is a placeholder to fill in. "check" enables health checks.
# The server line has no "ssl" keyword, so traffic to port 9000 is unencrypted.
server PRTN1 <IP_SERVER>:9000 check
# Backend that serves HAProxy's built-in statistics page.
backend stat
# Disabled dedicated listener; the page is reached through frontend HTTP on port 80.
#bind *:1936
# Do not disclose the HAProxy version on the page.
stats hide-version
stats enable
stats uri /stats
stats refresh 30s
stats show-legends
stats show-node
# HTTP basic auth; the user:password pair is stored in clear text in this file.
# NOTE(review): "admin:password" is a sample value; replace it before deploying.
# The page is served over the plain-HTTP frontend, so the credentials travel unencrypted.
stats auth admin:password
Criar o arquivo para deploy do haproxy:
$ vi deploy_haproxy.sh
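#!/usr/bin/env bash
#
# Deploy (or redeploy) the HAProxy container.
#   1. Ensure the host directories for haproxy.cfg and the certificates exist.
#   2. Best-effort removal of a previous container and its image.
#   3. Start a fresh container with both directories mounted read-only.
# Exit status: 1 if the directories cannot be created, otherwise the status
# of the final `docker run`.

HAPROXY="/home/suporte/haproxy"
CERTS="/home/suporte/haproxy/certs"
# Absolute paths keep the script independent of the caller's PATH.
DOCKER="/usr/bin/docker"
MKDIR="/usr/bin/mkdir"

# $CERTS will hold private keys. NOTE(review): mkdir -p applies the current
# umask; confirm the resulting mode is restrictive enough for key material
# while still readable by the container.
if [[ -d "$HAPROXY" && -d "$CERTS" ]]; then
  echo "Diretorios existente."
elif "$MKDIR" -p -- "$HAPROXY" "$CERTS"; then
  echo "Diretorios criado."
else
  # Previously the success message was printed even when mkdir failed.
  echo "Falha ao criar os diretorios." >&2
  exit 1
fi

### Remove
# Best effort: on a first run there is no container, `stop` fails and the
# chain ends there without aborting the script.
"$DOCKER" stop HAProxy \
  && "$DOCKER" rm HAProxy \
  && "$DOCKER" rmi haproxytech/haproxy-debian:latest

### Install
# NOTE(review): `latest` is a mutable tag; pinning a version or digest makes
# redeploys reproducible and lets image updates be reviewed.
# -p without a host address publishes on every host interface. Ports 443 and
# 1936 are published although the haproxy.cfg above only binds *:80.
# Both mounts are read-only, so the container cannot alter the configuration
# or the key material.
"$DOCKER" run --name HAProxy \
  -p 80:80 -p 443:443 -p 1936:1936 \
  -e TZ='America/Sao_Paulo' \
  -v "$HAPROXY":/usr/local/etc/haproxy:ro \
  -v "$CERTS":/etc/ssl/private:ro \
  --restart unless-stopped \
  -d haproxytech/haproxy-debian:latest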
# chmod 755 ~/*.sh
# ./deploy_haproxy.sh
A página de STATS pode ser acessada com o link
http://<IP_SERVER>/stats
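User: admin
Password: password
(Valores de exemplo definidos em `stats auth` no haproxy.cfg; como a página é servida em HTTP na porta 80, troque a senha antes de expor o serviço.)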