
haproxy job from cf-haproxy/4

The HAProxy server can be used to terminate SSL in front of the Routers. Each HAProxy instance should point to multiple Routers.

GitHub source: 54d1627a or master branch

Properties

ha_proxy

backend_port

Listening port for Router

Default
80

backend_servers

Array of the router IPs acting as the HTTP/TCP backends (should include servers in all Availability Zones being used)

Default
[]

client_timeout

Timeout waiting for data from a client (in seconds)

Default
30

connect_timeout

Timeout waiting for connections to establish to a server (in seconds)

Default
5

default_dh_param

Maximum size of DH params when generating ephemeral keys during key exchange

Default
2048

disable_http

Disable port 80 traffic

Default
false

enable_4443

Enables port 4443 for backwards compatibility with WSS-based apps using the old CF haproxy

Default
false

internal_only_domains

Array of domains for internal-only apps/services (not hostnames for the apps/services)

Default
[]

keepalive_timeout

Timeout waiting for new HTTP requests under HTTP keep-alive mode (in seconds)

Default
1

queue_timeout

Timeout for requests queued waiting for free connection slots (in seconds)

Default
30

request_timeout

Maximum time allowed for an HTTP request (in seconds)

Default
30

server_timeout

Timeout waiting for data from a server (in seconds)

Default
30

ssl_ciphers

List of SSL Ciphers that are passed to HAProxy

Default
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

ssl_pem

SSL certificate (PEM file)

websocket_timeout

Timeout for websocket/tunnel traffic (in seconds)

Default
3600
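
The ssl_ciphers default above is an OpenSSL cipher string, and it can be audited before being deployed. The following is an added example, not part of the cf-haproxy release: it splits that default into tokens and flags RC4 suites (RC4 is prohibited in TLS by RFC 7465), suites without forward secrecy, and group keywords that expand to many suites. The function names and the classification buckets are assumptions made for this illustration.

```python
# Added example: audit the ha_proxy.ssl_ciphers default shown on this page.
# DEFAULT_SSL_CIPHERS is copied from the page; function names are hypothetical.
DEFAULT_SSL_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:"
    "ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:"
    "!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK"
)

# OpenSSL group keywords: each expands to many suites, including static-RSA ones.
ALIASES = {"AES128", "AES256", "HIGH"}

def audit(cipher_string):
    """Sort every token of an OpenSSL cipher string into one bucket."""
    report = {"excluded": [], "rc4": [], "alias": [],
              "no_forward_secrecy": [], "ok": []}
    for token in cipher_string.split(":"):
        if token.startswith("!"):
            report["excluded"].append(token)       # permanently removed
        elif "RC4" in token:
            report["rc4"].append(token)            # prohibited by RFC 7465
        elif token in ALIASES or "+" in token:
            report["alias"].append(token)          # check with `openssl ciphers -v`
        elif not token.startswith(("ECDHE-", "DHE-")):
            report["no_forward_secrecy"].append(token)  # static RSA key exchange
        else:
            report["ok"].append(token)             # explicit ECDHE/DHE suite
    return report

def without_flagged(cipher_string):
    """Keep explicit ECDHE/DHE suites and exclusions; add an RC4 exclusion."""
    r = audit(cipher_string)
    return ":".join(r["ok"] + r["excluded"] + ["!RC4"])

if __name__ == "__main__":
    for bucket, tokens in audit(DEFAULT_SSL_CIPHERS).items():
        print(f"{bucket:20} {len(tokens):2}  {' '.join(tokens)}")
    print(without_flagged(DEFAULT_SSL_CIPHERS))
```

The string returned by without_flagged is only the default with the flagged tokens dropped; it still has to be checked against the clients that must connect before it is set as ha_proxy.ssl_ciphers.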

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/haproxy/ directory.

  • bin/haproxy_ctl (from haproxy_ctl)
  • bin/monit_debugger (from monit_debugger)
  • config/cert.pem (from cert.pem.erb)
  • config/haproxy.config (from haproxy.config.erb)
  • data/properties.sh (from properties.sh.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.