# Copyright © 2018 Amdocs, AT&T, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. resolvers dns nameserver pod_dns "10.3.0.10:53" resolve_retries 3 timeout retry 1s hold valid 30s defaults mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms option httpclose option redispatch option abortonclose option httplog option dontlognull default-server init-addr last,libc,none backend gitlab_ssh mode tcp option tcplog timeout server 2h server gitlabssh vvp-gitlab:22 resolvers dns frontend gitlab_ssh_frontend mode tcp option tcplog timeout client 2h bind 0.0.0.0:22 acl is_ssh dst_port 22 use_backend gitlab_ssh if is_ssh backend portal_backend mode http server ice_portal vvp:8181 resolvers dns backend api mode http server engagement_manager vvp-em-uwsgi:80 resolvers dns backend s3 mode http balance roundrobin option httpchk HEAD / server ceph-01 10.252.0.21:8080 check inter 10000ms frontend portal mode http acl is_api_call path_beg -i /vvp acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3. use_backend api if is_api_call use_backend s3 if is_s3 bind 0.0.0.0:80 bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12 default_backend portal_backend listen stats bind 0.0.0.0:9001 mode http stats enable # Enable stats page stats realm Haproxy\ Statistics stats uri /haproxy_stats stats auth "${HAPROXY_USER}:${HAPROXY_PASS}" acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16 http-request deny if !network_allowed