Benoit/HAProxy
Benoit/HAProxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
HAProxy configuration files for my self-hosted setup.
143 commits 1 branch 0 tags 617 KiB
Find a file
Exact
Benoit a554f61947 add top-places.benoit.jp.net frontend and backend 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-26 14:48:13 +09:00
00global.cfg add tailscale resolver and route arr/uptime-kuma backends through it 2026-04-26 13:23:35 +09:00
01defaults.cfg perf and security hardening: HTTP/3, splice, silent-drop, L4 flood protection 2026-04-25 23:05:41 +09:00
02cache.cfg haproxy: tune cache, drop mastodon rate limiting, cache webfinger 2026-03-09 21:13:37 +09:00
03frontends.cfg add top-places.benoit.jp.net frontend and backend 2026-04-26 14:48:13 +09:00
04listen.cfg perf and security hardening: HTTP/3, splice, silent-drop, L4 flood protection 2026-04-25 23:05:41 +09:00
05backends.cfg add top-places.benoit.jp.net frontend and backend 2026-04-26 14:48:13 +09:00
CLAUDE.md add log-send-hostname so log lines show tsunagaru instead of localhost 2026-04-22 21:21:01 +09:00
goaccess.conf fix: remove empty %hs from log format to fix GoAccess request parsing 2026-03-25 07:10:07 +09:00
LICENSE Initial commit 2024-10-08 10:10:10 +00:00
README.md docs: add GoAccess config and update README/CLAUDE.md 2026-03-25 06:51:22 +09:00

README.md

HAProxy

HAProxy configuration files for my self-hosted infrastructure.

Deployment

HAProxy loads all .cfg files from /etc/haproxy/config in order:

# /etc/systemd/system/haproxy.service.d/override.conf
[Service]
Environment="CONFIG=/etc/haproxy/config"

Files

File Purpose
00global.cfg Global settings, TLS (Mozilla modern, TLS 1.3 only)
01defaults.cfg Default timeouts, logging mode, error files
02cache.cfg HTTP cache (128MB, 50MB max object, 24h TTL)
03frontends.cfg HTTP/HTTPS frontend with scanner detection, rate limiting, geo-ACLs
04listen.cfg TCP listen blocks for SSH, SMTP, SMTPS, IMAPS, Sieve
05backends.cfg Backend definitions, DNS resolver, shared stick-tables
goaccess.conf GoAccess config for parsing HAProxy logs

Log analysis with GoAccess

The HTTP frontend logs in enriched httplog format (Referer, User-Agent, request ID appended). Logs are written to /var/log/haproxy.log via rsyslog.

# Terminal dashboard
goaccess /var/log/haproxy.log -p /etc/haproxy/config/goaccess.conf

# HTML report
goaccess /var/log/haproxy.log -p /etc/haproxy/config/goaccess.conf -o /tmp/report.html

Request IDs are logged at the end of each line for tracing:

grep 8d03b867-3521-4bce-8354-aabeaa097977 /var/log/haproxy.log

Quick reference

# Test configuration
haproxy -c -f /etc/haproxy/config/

# Reload (zero downtime)
systemctl reload haproxy

# View stats
curl http://localhost:8404/stats

# Admin socket
echo "show cache" | socat /run/haproxy/admin.sock -
echo "show table frontend_default" | socat /run/haproxy/admin.sock -