global pidfile /var/run/haproxy.pid daemon user haproxy group haproxy stats socket /var/run/haproxy.socket user haproxy group haproxy mode 600 level admin node haproxy_%NIP% description haproxy server #* Performance Tuning maxconn 8192 spread-checks 3 quiet defaults #log global mode tcp option dontlognull option tcp-smart-accept option tcp-smart-connect #option dontlog-normal retries 3 option redispatch maxconn 8192 timeout check 3500ms timeout queue 3500ms timeout connect 3500ms timeout client 10800s timeout server 10800s userlist STATSUSERS group admin users admin user admin insecure-password Dc$@1910 user stats insecure-password Dc$@1910 listen admin_page bind *:9600 mode http stats enable stats refresh 60s stats uri / acl AuthOkay_ReadOnly http_auth(STATSUSERS) acl AuthOkay_Admin http_auth_group(STATSUSERS) admin stats http-request auth realm admin_page unless AuthOkay_ReadOnly # stats admin if AuthOkay_Admin listen MySQL_3307_rw bind *:3307 mode tcp timeout client 10800s timeout server 10800s tcp-check expect string is\ running balance leastconn option tcp-check # option allbackups default-server port 9200 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 64 maxqueue 128 weight 100 server 10.5.10.51 10.5.10.51:3306 check server 10.5.10.52 10.5.10.52:3306 check backup server 10.5.10.53 10.5.10.53:3306 check backup listen MySQL_3308_ro bind *:3308 mode tcp timeout client 10800s timeout server 10800s tcp-check expect string is\ running balance leastconn option tcp-check # option allbackups default-server port 9200 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 64 maxqueue 128 weight 100 server 10.5.10.51 10.5.10.51:3306 check server 10.5.10.52 10.5.10.52:3306 check server 10.5.10.53 10.5.10.53:3306 check backup listen NGINX_HTTP     bind *:80 transparent     mode http     balance leastconn     cookie SERVERID maxidle 30m maxlife 12h insert nocache indirect #     server backup 127.0.0.1:9081 backup non-stick     option http-keep-alive     timeout http-request 5s     option forwardfor     timeout tunnel 1h     option redispatch     server iDS-Webserver1 10.5.10.120:80 weight 250 cookie iDS-Webserver1 check port 80 inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions     server iDS-Webserver2 10.5.10.121:80 weight 100 cookie iDS-Webserver2 check port 80 inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions listen NGINX_SSL     bind *:443 transparent     mode http     balance leastconn     cookie SERVERID maxidle 30m maxlife 12h insert nocache indirect #     server backup 127.0.0.1:9081 backup non-stick     option http-keep-alive     timeout http-request 5s     option forwardfor     timeout tunnel 1h     option redispatch     server iDS-Webserver1-SSL 10.5.10.120:443 weight 250 cookie iDS-Webserver1-SSL check inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions     server iDS-Webserver2-SSL 10.5.10.121:443 weight 100 cookie iDS-Webserver2-SSL check inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions listen Gitea bind *:3000     mode http     balance leastconn     cookie SERVERID maxidle 30m maxlife 12h insert nocache indirect #     server backup 127.0.0.1:9081 backup non-stick     option http-keep-alive     timeout http-request 5s     option forwardfor     timeout tunnel 1h     option redispatch     server iDS-Webserver1-SSL 10.5.10.120:443 weight 250 cookie iDS-Webserver1-SSL check inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions     server iDS-Webserver2-SSL 10.5.10.121:443 weight 100 cookie iDS-Webserver2-SSL check inter 4000 rise 2 fall 2 slowstart 8000 minconn 0 maxconn 0 on-marked-down shutdown-sessions backup