You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

ingress配置文件

apiVersion: v1
data:
  add-headers: ingress-nginx/custom-headers-default
  allow-backend-server-header: 'true'
  compute-full-forwarded-for: 'true'
  enable-underscores-in-headers: 'true'
  error-log-level: notice
  forwarded-for-header: X-Forwarded-For
  generate-request-id: 'true'
  hsts: 'false'
  ignore-invalid-headers: 'true'
  log-format-upstream: >-
    $http_x_forwarded_for - [$remote_addr] - $remote_user [$time_local]
    "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
    $request_length $request_time [$proxy_upstream_name] $upstream_addr
    $upstream_response_length $upstream_response_time $upstream_status $req_id
    $host [$proxy_alternative_upstream_name]
  max-worker-connections: '65535'
  proxy-body-size: 4096M
  proxy-connect-timeout: '3600'
  proxy-read-timeout: '3600'
  proxy-send-timeout: '3600'
  ssl-ciphers: >-
    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  ssl-protocols: TLSv1.2 TLSv1.1 TLSv1
  upstream-keepalive-connections: '40000'
  use-forwarded-headers: 'true'
  use-http2: 'false'
  use-proxy-protocol: 'true'
  worker-processes: '2'
  worker-shutdown-timeout: 2hs
kind: ConfigMap
metadata:
  name: ingress-nginx-controller-default
  namespace: ingress-nginx

haproxy配置文件

listen http-80
  bind 0.0.0.0:80
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server ingress-nginx-controller1 10.10.21.120:80 send-proxy check
  server ingress-nginx-controller2 10.10.21.122:80 send-proxy check
  server ingress-nginx-controller3 10.10.21.124:80 send-proxy check

listen https-443
  bind 0.0.0.0:443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server ingress-nginx-controller1 10.10.21.120:443 send-proxy check
  server ingress-nginx-controller2 10.10.21.122:443 send-proxy check
  server ingress-nginx-controller3 10.10.21.124:443 send-proxy check
  • No labels