Configure haproxy 900 Frontend service name #include Server name must be alphanumeric and can contain hyphen and underscores Backend member #include Backend name must be alphanumeric and can contain hyphen and underscores txt Name of haproxy backend system load-balancing haproxy backend #include #include #include #include #include #include #include #include Redirect HTTP to HTTPS SSL Certificate, SSL Key and CA #include Backend server name #include Backend name must be alphanumeric and can contain hyphen and underscores Load-balancing algorithm source-address round-robin least-connection source-address Based on hash of source IP address round-robin Round robin least-connection Least connection (source-address|round-robin|least-connection) round-robin #include #include #include #include HTTP check configuration HTTP method used for health check options head get post put options|head|get|post|put HTTP method used for health checking (options|head|get|post|put) URI used for HTTP health check (Example: '/' or '/health') ^\/([^?#\s]*)(\?[^#\s]*)?$ Expected response for the health check to pass Expected response status code for the health check to pass u32:200-399 Expected response code Status code must be in range 200-399 Expected to be in response body for the health check to pass txt A string expected to be in the response Non HTTP health check options ldap mysql pgsql redis smtp ldap LDAP protocol check mysql MySQL protocol check pgsql PostgreSQL protocol check redis Redis protocol check smtp SMTP protocol check (ldap|mysql|redis|pgsql|smtp) #include Backend server name Backend server address ipv4 IPv4 unicast peer address ipv6 IPv6 unicast peer address Use backup server if other servers are not available Active health check backend server #include Send a Proxy Protocol version 1 header (text format) Send a Proxy Protocol version 2 header (binary format) SSL Certificate, SSL Key and CA #include Do not attempt to verify SSL certificates for backend servers #include Global perfomance parameters and limits #include Maximum allowed connections u32:1-2000000 Maximum allowed connections Cipher algorithms ("cipher suite") used during SSL/TLS handshake for all frontend servers ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 dhe-rsa-aes256-gcm-sha384 (ecdhe-ecdsa-aes128-gcm-sha256|ecdhe-rsa-aes128-gcm-sha256|ecdhe-ecdsa-aes256-gcm-sha384|ecdhe-rsa-aes256-gcm-sha384|ecdhe-ecdsa-chacha20-poly1305|ecdhe-rsa-chacha20-poly1305|dhe-rsa-aes128-gcm-sha256|dhe-rsa-aes256-gcm-sha384) ecdhe-ecdsa-aes128-gcm-sha256 ecdhe-rsa-aes128-gcm-sha256 ecdhe-ecdsa-aes256-gcm-sha384 ecdhe-rsa-aes256-gcm-sha384 ecdhe-ecdsa-chacha20-poly1305 ecdhe-rsa-chacha20-poly1305 dhe-rsa-aes128-gcm-sha256 dhe-rsa-aes256-gcm-sha384 Specify the minimum required TLS version 1.2 1.3 1.2 TLS v1.2 1.3 TLS v1.3 (1.2|1.3) 1.3 #include