SSL Bridging with Exchange 2019 issues

This page summarizes the projects mentioned and recommended in the original post on /r/haproxy

  • server-side-tls

    Server side TLS Tools

  • global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # generated 2023-04-23, Mozilla Guideline v5.6, HAProxy 2.2.9-2, OpenSSL 1.1.1n, intermediate configuration
        # https://ssl-config.mozilla.org/#server=haproxy&version=2.2.9-2&config=intermediate&openssl=1.1.1n&guideline=5.6
        # intermediate configuration
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

        ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

        # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
        ssl-dh-param-file /etc/ssl/dhparam2048

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    listen stats
        bind *:9090
        stats enable
        stats uri /stats
        stats auth 12345678:12345678
        stats refresh 30s
        stats show-legends

    #-----------------------
    # Front-end section
    # -------------------
    #
    frontend fe_mail # receives traffic from clients
        bind :80
        http-response set-header X-Frame-Options SAMEORIGIN
        http-response set-header X-Content-Type-Options nosniff
        http-response set-header Strict-Transport-Security max-age=63072000
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
        bind :443 ssl crt /etc/ssl/certs/exchange_certificate_and_key_nopassword.pem alpn h2,http/1.1

        # Exchange Admin Center ACL List
        acl whitelist src 1.2.3.4/32
        acl ecp_req url_beg /ecp
        http-request deny if ecp_req !whitelist

        acl xmail hdr(host) -i exchange.external-fqdn.co.uk
        acl autodiscover url_beg /Autodiscover
        acl autodiscover url_beg /autodiscover
        acl mapi url_beg /mapi
        acl rpc url_beg /rpc
        acl owa url_beg /owa
        acl owa url_beg /OWA
        acl eas url_beg /Microsoft-Server-ActiveSync
        acl eas url_beg /Microsoft-Server-activeSync
        acl ecp url_beg /ecp
        acl ews url_beg /EWS
        acl ews url_beg /ews
        acl oab url_beg /OAB
        acl default_for_mail url_beg /

        use_backend be_ex2019_owa if xmail owa
        use_backend be_ex2019_autodiscover if xmail autodiscover
        use_backend be_ex2019_mapi if xmail mapi
        use_backend be_ex2019_activesync if xmail eas
        use_backend be_ex2019_ews if xmail ews
        use_backend be_ex2019_rpc if xmail rpc
        use_backend be_ex2019_default if xmail default_for_mail

    frontend fe_exchange_imaps
        mode tcp
        option tcplog
        bind :993 name imaps
        default_backend be_exchange_imaps

    frontend fe_exchange_smtp
        mode tcp
        option tcplog
        bind :25 name smtp
        default_backend be_exchange_smtp

    frontend fe_exchange_smtps
        mode tcp
        option tcplog
        bind :587 name smtps
        default_backend be_exchange_smtps

    #------------------------------
    # Back-end section
    #------------------------------
    backend be_ex2019_autodiscover
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_ex2019_mapi
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_ex2019_rpc
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_ex2019_owa
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_ex2019_activesync
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_exchange_imaps
        mode tcp
        server mail exchange.internal-fqdn.co.uk:993

    backend be_ex2019_ews
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_ex2019_default
        mode http
        server mail exchange.internal-fqdn.co.uk:443 check ssl verify none

    backend be_exchange_smtp
        mode tcp
        server mail exchange.internal-fqdn.co.uk:25

    backend be_exchange_smtps
        mode tcp
        server mail exchange.internal-fqdn.co.uk:587
