# NOTE: on startup haproxy chroot's to /var/lib/haproxy.
# Unfortunately the program will open some files prior to the call to
# chroot never to reopen them, and some after. So looking at the on-disk
# layout of haproxy resources you will find some resources relative to /
# such as the admin socket, and some relative to /var/lib/haproxy such as
# the log socket.
# The logging socket is (re-)opened after the chroot and must be relative
# to /var/lib/haproxy.
log /dev/log local0
log /dev/log local1 notice
maxconn 20000
user haproxy
group haproxy
spread-checks 0
# The admin socket is opened prior to the chroot never to be reopened, so
# it lives outside the chroot directory in the filesystem.
stats socket /var/run/haproxy/admin.sock mode 600 level admin
stats timeout 2m
log global
mode tcp
option tcplog
option dontlognull
retries 3
{%- if options.haproxy_queue_timeout %}
timeout queue {{ options.haproxy_queue_timeout }}
{%- else %}
timeout queue 9000
{%- endif %}
{%- if options.haproxy_connect_timeout %}
timeout connect {{ options.haproxy_connect_timeout }}
{%- else %}
timeout connect 9000
{%- endif %}
{%- if options.haproxy_client_timeout %}
timeout client {{ options.haproxy_client_timeout }}
{%- else %}
timeout client 90000
{%- endif %}
{%- if options.haproxy_server_timeout %}
timeout server {{ options.haproxy_server_timeout }}
{%- else %}
timeout server 90000
{%- endif %}
listen stats
bind {{ options.local_host }}:{{ options.haproxy_stat_port }}
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth admin:{{ options.haproxy_stat_password }}
{% if cluster.cluster_hosts -%}
{% for service, ports in options.service_ports.items() -%}
frontend tcp-in_{{ service }}
bind *:{{ ports[0] }}
{% if options.ipv6_enabled -%}
bind :::{{ ports[0] }}
{% endif -%}
{% for frontend in cluster.cluster_hosts -%}
acl net_{{ frontend }} dst {{ cluster.cluster_hosts[frontend]['network'] }}
use_backend {{ service }}_{{ frontend }} if net_{{ frontend }}
{% endfor -%}
default_backend {{ service }}_{{ options.local_address }}
{% for frontend in cluster.cluster_hosts -%}
backend {{ service }}_{{ frontend }}
balance leastconn
{% for unit, address in cluster.cluster_hosts[frontend]['backends'].items() -%}
server {{ unit }} {{ address }}:{{ ports[1] }} check
{% endfor %}
{% endfor -%}
{% endfor -%}
{% endif -%}