global log /dev/log local0 log /dev/log local1 notice stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # An alternative list with additional directives can be obtained from # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 tune.ssl.default-dh-param 2048 defaults timeout connect 5000 timeout client 50000 timeout server 50000 resolvers docker nameserver dns 127.0.0.11:53 frontend mqtt bind :8883 ssl crt /certs/iotedge.pem default_backend edgehub-mqtt frontend amqp bind :5671 ssl crt /certs/iotedge.pem default_backend edgehub-amqp frontend http bind :443 ssl crt /certs/iotedge.pem default_backend edgehub-http backend edgehub-mqtt balance roundrobin server node1 edgeHub:8883 resolvers docker ssl verify none backend edgehub-amqp balance roundrobin server node1 edgeHub:5671 resolvers docker ssl verify none backend edgehub-http balance roundrobin server node1 edgeHub:443 resolvers docker ssl verify none