Skip to content

haproxy job from cf/202

The HAProxy server can be used to terminate SSL in front of the Routers. Each HAProxy instance should point to multiple Routers.

Github source: 78455fbb or master branch

Properties

ha_proxy

disable_http

Disable port 80 traffic

Default
false

ssl_ciphers

List of SSL Ciphers that are passed to HAProxy

Default
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

ssl_pem

SSL certificate (PEM file)

networks

apps

HAProxy network information.

request_timeout_in_seconds

Server and client timeouts in seconds

Default
900

router

port

Listening port for Router

Default
80

servers

z1

Array of the router IPs acting as the first group of HTTP/TCP backends

Default
[]
z2

Array of the router IPs acting as the second group of HTTP/TCP backends

Default
[]

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/haproxy/ directory (learn more).

  • bin/haproxy_ctl (from haproxy_ctl)
  • config/cert.pem (from cert.pem.erb)
  • config/haproxy.config (from haproxy.config.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.