haproxy job from cf-haproxy/8.0.4
The HAProxy server can be used to terminate SSL in front of the Routers. Each HAProxy instance should point to multiple Routers.
Github source:
189639cd or
master branch
Properties¶
ha_proxy¶
backend_port¶Listening port for Router
- Default
backend_servers¶Array of the router IPs acting as the HTTP/TCP backends (should include servers all Availability Zones being used)
- Default
client_timeout¶Timeout waiting for data from a client (in seconds)
- Default
compress_types¶If this property is set, gzip compression will be activated for the mime types named in this property. definition like ‘text/html text/plain text/css’
- Default
connect_timeout¶Timeout waiting for connections to establish to a server (in seconds)
- Default
default_dh_param¶Maximum size of DH params when generating epmehmeral keys during key exchange
- Default
disable_http¶Disable port 80 traffic
- Default
enable_4443¶Enables port 4443 for backwards compatibility with WSS-based apps using the old CF haproxy
- Default
headers¶Hash of custom headers you wish you have set on each request. Spaces are automatically escaped, but any other haproxy delimiters will need to be escaped manually
- Example
|+ headers: X-Application-ID: my-custom-header MyCustomHeader: 3
https_redirect_all¶If this is set to ‘true’, a https redirect rule for all http calls will be put in the config file
- Default
https_redirect_domains¶For each domain in this array, a HTTPS redirect rule will be put in the config file. Redirect will be applied for all subdomains
- Default
internal_only_domains¶Array of domains for internal-only apps/services (not hostnames for the apps/services)
- Default
keepalive_timeout¶Timeout waiting for new HTTP requests under http keep-alive mode (in seconds)
- Default
log_level¶Log level
- Default
queue_timeout¶Timeout for requests queued waiting for free connection slots (in seconds)
- Default
request_timeout¶Maximum HTTP request length (in seconds)
- Default
routed_backend_servers¶Hash of the URL prefixes -> array of the router IPs acting as the HTTP/TCP backends (should include servers all Availability Zones being used)
- Default
{}
rsp_headers¶Hash of custom headers you wish you have set on each request. Spaces are automatically escaped, but any other haproxy delimiters will need to be escaped manually
- Example
|+ rsp_headers: X-Application-ID: my-custom-header MyCustomHeader: 3
server_timeout¶Timeout waiting for data from a server (in seconds)
- Default
ssl_ciphers¶List of SSL Ciphers that are passed to HAProxy
- Default
ssl_pem¶SSL certificate (PEM file), or an array of SSL certificates (PEM files)
syslog_server¶An IPv4 address optionally followed by a colon and a UDP port. It can also be an IPv6 address or filesystem path to a UNIX domain socket.
- Default
tcp¶List of mappings to perform tcp-based proxying on. See example for mapping datastructure and keys
- Default
- Example
trusted_domain_cidrs¶Space separated trusted cidr blocks for internal_only_domains
- Default
websocket_timeout¶Timeout for websocket/tunnel traffic (in seconds)
- Default
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/haproxy/ directory
(learn more).
bin/haproxy_ctl(fromhaproxy_ctl)bin/monit_debugger(frommonit_debugger)config/certs.ttar(fromcerts.ttar.erb)config/haproxy.config(fromhaproxy.config.erb)config/ssl_redirect.map(fromssl_redirect.map.erb)data/properties.sh(fromproperties.sh.erb)helpers/ctl_setup.sh(fromhelpers/ctl_setup.sh)helpers/ctl_utils.sh(fromhelpers/ctl_utils.sh)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.