1 # Copyright © 2018 Amdocs, AT&T, Bell Canada
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
16 nameserver pod_dns "10.3.0.10:53"
23 timeout connect 5000ms
24 timeout client 50000ms
25 timeout server 50000ms
31 default-server init-addr last,libc,none
37 server gitlabssh vvp-gitlab:22 resolvers dns
39 frontend gitlab_ssh_frontend
44 acl is_ssh dst_port 22
45 use_backend gitlab_ssh if is_ssh
47 backend portal_backend
49 server ice_portal vvp:8181 resolvers dns
53 server engagement_manager vvp-em-uwsgi:80 resolvers dns
59 server ceph-01 10.252.0.21:8080 check inter 10000ms
63 acl is_api_call path_beg -i /vvp
64 acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
65 use_backend api if is_api_call
66 use_backend s3 if is_s3
68 bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
69 default_backend portal_backend
74 stats enable # Enable stats page
75 stats realm Haproxy\ Statistics
76 stats uri /haproxy_stats
77 stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
78 acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
79 http-request deny if !network_allowed