HAProxy Configuration

Select to Highlight:
frontend www
bind
0.0.0.0:80
mode
http
redirect
scheme https if !{ ssl_fc }

Redirect non-http requests to https in a general fashion (no need to hardcode hostnames).

The incoming path and params will be included in the redirect. For example, http://example.com/thing?id=2 will redirect to https://example.com/thing?id=2.

frontend wwws
bind
0.0.0.0:443 ssl crt /etc/haproxy/server.pem

Concat your crt, key (password removed), and any other crts in the chain.

Avoid relative paths unless you're certain of haproxy's working directory.

default_backend
www_backend

acl
is_websocket hdr(Upgrade) -i WebSocket
use_backend
websocket_backend if is_websocket

tcp-request content
accept if HTTP
use_backend
flashsocket_backend if !HTTP
frontend flash_policy
bind
0.0.0.0:843

This is the stadnard port where the flash client looks for the flash policy.

default_backend
nodejs_flashpolicy
backend www_backend
mode
http
stats uri
/haproxy
reqadd
x-forwarded-proto:\ https

This header will help most web frameworks (express, rails, sinatra) when they generate absolute urls. The generated urls will include the right protocol (i.e. https).

The upside is that you can avoid conditional code in your application for handling https. Your application really shouldn't be doing that anyway.


server
server1 backend:3000

This is the default port for node.js apps using express.

weight 1 maxconn 8192 check
backend websocket_backend
mode
http

server
server1 backend:3000

This is the default port for node.js apps using express.

weight 1 maxconn 8192 check
backend flashsocket_backend
server
server1 backend:3000

This is the default port for node.js apps using express.

weight 1 maxconn 8192 check
backend nodejs_flashpolicy
server
server1 backend:10843

This is the default port socket.io uses for the flash policy.

maxconn 8192 check

Read more at The Carbon Emitter.