Last active
April 28, 2024 21:36
-
-
Save dincosman/47479dc4426aa6aa55dedf44eb9ef3f2 to your computer and use it in GitHub Desktop.
Sample HAProxy Configuration communicating with Patroni REST APIs over SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[root@etcd02 ~]# cat /etc/ssl/etcd/server.crt /etc/ssl/etcd/server.key >> /etc/ssl/etcd/haproxy_combined.crt | |
[root@etcd02 ~]# vi /etc/haproxy/haproxy.cfg | |
global | |
maxconn 4096 | |
defaults | |
log global | |
mode tcp | |
timeout client 30m | |
timeout connect 4s | |
timeout server 30m | |
timeout check 5s | |
listen stats | |
mode http | |
bind *:7000 | |
stats enable | |
stats uri / | |
listen primary | |
bind 192.168.60.120:3500 | |
option httpchk OPTIONS/master | |
http-check expect status 200 | |
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions | |
server postgresql_192.168.60.101_3531 posvt01.localdomain:3531 verify none maxconn 100 check check-ssl port 8008 crt /etc/ssl/etcd/haproxy_combined.crt ca-file /etc/ssl/etcd/root.crt | |
server postgresql_192.168.60.102_3531 posvt02.localdomain:3531 verify none maxconn 100 check check-ssl port 8008 crt /etc/ssl/etcd/haproxy_combined.crt ca-file /etc/ssl/etcd/root.crt | |
listen standby | |
bind 192.168.60.120:3501 | |
option httpchk OPTIONS/replica | |
http-check expect status 200 | |
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions | |
server postgresql_192.168.60.101_3531 posvt01.localdomain:3531 verify none maxconn 100 check check-ssl port 8008 crt /etc/ssl/etcd/haproxy_combined.crt ca-file /etc/ssl/etcd/root.crt | |
server postgresql_192.168.60.102_3531 posvt02.localdomain:3531 verify none maxconn 100 check check-ssl port 8008 crt /etc/ssl/etcd/haproxy_combined.crt ca-file /etc/ssl/etcd/root.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment