-
Notifications
You must be signed in to change notification settings - Fork 54
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cluster config for apache and nginx
- Loading branch information
1 parent
a2b2afa
commit 703e591
Showing
2 changed files
with
123 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
#Use this example to proxy HTTPS traffic to a document server cluster, where the node addresses are “backendserver-address1, backendserver-address2, ...”. | ||
# Replace {{SSL_CERTIFICATE_PATH}} with the path to the ssl certificate file | ||
# Replace {{SSL_KEY_PATH}} with the path to the ssl private key file | ||
|
||
Listen 80 | ||
Listen 443 | ||
LoadModule mpm_event_module modules/mod_mpm_event.so | ||
LoadModule authn_core_module modules/mod_authn_core.so | ||
LoadModule authz_core_module modules/mod_authz_core.so | ||
LoadModule unixd_module modules/mod_unixd.so | ||
LoadModule proxy_module modules/mod_proxy.so | ||
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so | ||
LoadModule proxy_http_module modules/mod_proxy_http.so | ||
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so | ||
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so | ||
LoadModule rewrite_module modules/mod_rewrite.so | ||
LoadModule headers_module modules/mod_headers.so | ||
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so | ||
LoadModule setenvif_module modules/mod_setenvif.so | ||
LoadModule ssl_module modules/mod_ssl.so | ||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so | ||
LoadModule log_config_module modules/mod_log_config.so | ||
#Include conf/extra/httpd-ssl.conf | ||
|
||
Header add Set-Cookie "SERVERID=sticky.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED | ||
|
||
<Proxy "balancer://nodes_polling"> | ||
BalancerMember "http://backendserver-address1" route=addr01 | ||
BalancerMember "http://backendserver-address2" route=addr02 | ||
ProxySet stickysession=SERVERID | ||
</Proxy> | ||
|
||
<Proxy "balancer://nodes_ws"> | ||
BalancerMember "ws://backendserver-address1" route=addr01 | ||
BalancerMember "ws://backendserver-address2" route=addr02 | ||
ProxySet stickysession=SERVERID | ||
</Proxy> | ||
|
||
<IfModule unixd_module> | ||
User daemon | ||
Group daemon | ||
</IfModule> | ||
|
||
|
||
SSLPassPhraseDialog builtin | ||
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" | ||
SSLSessionCacheTimeout 300 | ||
|
||
<VirtualHost *:443> | ||
ServerName localhost | ||
SSLEngine on | ||
SSLCertificateFile "{{SSL_CERTIFICATE_PATH}}" | ||
SSLCertificateKeyFile "{{SSL_KEY_PATH}}" | ||
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 | ||
SSLProtocol All -SSLv2 -SSLv3 | ||
SSLCompression off | ||
SSLHonorCipherOrder on | ||
|
||
SetEnvIf Host "^(.*)$" THE_HOST=$1 | ||
RequestHeader setifempty X-Forwarded-Proto https | ||
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e | ||
ProxyAddHeaders Off | ||
|
||
RewriteEngine on | ||
|
||
RewriteCond %{HTTP:Upgrade} =websocket [NC] | ||
RewriteRule /(.*) balancer://nodes_ws/$1 [P,L] | ||
RewriteCond %{HTTP:Upgrade} !=websocket [NC] | ||
RewriteRule /(.*) balancer://nodes_polling/$1 [P,L] | ||
</VirtualHost> | ||
|
||
<VirtualHost *:80> | ||
ServerName site.com | ||
RewriteEngine On | ||
RewriteCond %{HTTPS} off | ||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | ||
</VirtualHost> | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
#Use this example for proxy traffic to the document server running at 'backendserver-address'. | ||
|
||
upstream docservice { | ||
hash $remote_addr consistent; | ||
server backendserver-address-1; | ||
server backendserver-address-2; | ||
} | ||
|
||
map $http_host $this_host { | ||
"" $host; | ||
default $http_host; | ||
} | ||
|
||
map $http_x_forwarded_proto $the_scheme { | ||
default $http_x_forwarded_proto; | ||
"" $scheme; | ||
} | ||
|
||
map $http_x_forwarded_host $the_host { | ||
default $http_x_forwarded_host; | ||
"" $this_host; | ||
} | ||
|
||
map $http_upgrade $proxy_connection { | ||
default upgrade; | ||
"" close; | ||
} | ||
|
||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection $proxy_connection; | ||
proxy_set_header X-Forwarded-Host $the_host; | ||
proxy_set_header X-Forwarded-Proto $the_scheme; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
|
||
|
||
server { | ||
listen 0.0.0.0:80; | ||
listen [::]:80 default_server; | ||
server_tokens off; | ||
|
||
location / { | ||
proxy_pass http://docservice; | ||
proxy_http_version 1.1; | ||
} | ||
} |