Ubuntu Pastebin

Paste from julian at Tue, 21 Mar 2017 10:28:12 +0000

Download as text 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        #ssl-server-verify none

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


frontend ft_rdp
  mode tcp
  bind 10.1.0.2:3389 name rdp
  timeout client 12h
  log global
  option tcplog
  tcp-request inspect-delay 2s
  tcp-request content accept if RDP_COOKIE
  #tcp-request content reject if { req_ssl_hello_type 1 }
  maxconn 9999
  default_backend bk_rdp

backend bk_rdp
  mode tcp
  balance leastconn
  persist rdp-cookie
  timeout server 12h
  timeout connect 8s
  log global
  option tcplog
  default-server inter 3s fall 3 rise 2
  server SRV-TS01 10.1.0.51:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS02 10.1.0.52:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS03 10.1.0.53:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS04 10.1.0.54:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS05 10.1.0.55:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS06 10.1.0.56:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS07 10.1.0.57:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS08 10.1.0.58:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions
  server SRV-TS09 10.1.0.59:3389 weight 100 check port 3389 verify none agent-check agent-port 3333 minconn 0 maxconn 0 on-marked-down shutdown-sessions

listen stats
   mode http
   bind *:8181
   timeout connect 4s
   timeout client 1h
   timeout server 1h
   stats enable
   stats uri /
   stats realm Haproxy\ Statistics
   stats auth admin:PASSWORT
   #stats admin if TRUE
Download as text