haproxy.cfg

# _version=1
# HAProxy Technologies
# https://www.haproxy.com/
#
# this file is not meant to be changed directly
# it is under haproxy ingress controller management
#

global
  daemon
  master-worker
  localpeer local
  pidfile /var/run/haproxy.pid
  server-state-file global
  server-state-base /var/state/haproxy/
  stats socket /var/run/haproxy-runtime-api.sock level admin expose-fd listeners
  stats timeout 1m
  tune.ssl.default-dh-param 2048
  log 127.0.0.1:514 local0 notice
  ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
  ssl-default-bind-options no-sslv3 no-tls-tickets no-tlsv10

defaults
  log global
  log-format '%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs "%HM %[var(txn.base)] %HV"'
  option redispatch
  option dontlognull
  option http-keep-alive
  timeout http-request    5s
  timeout connect         5s
  timeout client          50s
  timeout queue           5s
  timeout server          50s
  timeout tunnel          1h
  timeout http-keep-alive 1m
  load-server-state-from-file global

peers localinstance
   peer local 127.0.0.1:10000

frontend https
  mode http
  bind 127.0.0.1:8080 name v4
  http-request set-var(txn.base) base
  use_backend %[var(txn.path_match),field(1,.)]

frontend http
  mode http
  bind 127.0.0.1:4443 name v4
  http-request set-var(txn.base) base
  use_backend %[var(txn.path_match),field(1,.)]

frontend healthz
  bind 127.0.0.1:1042 name v4
  mode http
  monitor-uri /healthz
  option dontlog-normal

frontend stats
   mode http
   bind *:1024
   http-request set-var(txn.base) base
   http-request use-service prometheus-exporter if { path /metrics }
   stats enable
   stats uri /
   stats refresh 10s