全局和默认设置
Settings in this part is immutable, you have to redeploy HAProxy service to make the changes take effects
| 环境变量 | 默认 | 描述 | |
|---|---|---|---|
| ADDITIONAL_BACKENDS | list of additional backends to balance. The format is `backend name, FORCE_SSL(True | False), server name, host:port, options` | |
| ADDITIONAL_SERVICES | list of additional services to balance (es: prj1:web,prj2:sql). Discovery will be based on `com.docker.compose.[project |
service]` container labels. This environment variable only works on compose v2, and the referenced services must be on a network resolvable and accessible to this containers. | |
| BALANCE | roundrobin | load balancing algorithm to use. Possible values include: roundrobin, static-rr, source, leastconn. See:HAProxy:balance |
|
| CA_CERT_FILE | the path of a ca-cert file. This allows you to mount your ca-cert file directly from a volume instead of from envvar. If set, CA_CERT envvar will be ignored. Possible value: /cacerts/cert0.pem |
||
| CA_CERT | CA cert for haproxy to verify the client. Use the same format as DEFAULT_SSL_CERT |
||
| CERT_FOLDER | the path of certificates. This allows you to mount your certificate files directly from a volume instead of from envvars. If set, DEFAULT_SSL_CERT and SSL_CERT from linked services are ignored. Possible value:/certs/ |
||
| DEFAULT_SSL_CERT | Default ssl cert, a pem file content with private key followed by public certificate, '\n'(two chars) as the line separator. should be formatted as one line - see SSL Termination | ||
| EXTRA_BIND_SETTINGS | comma-separated string(<port>:<setting>) of extra settings, and each part will be appended to the related port bind section in the configuration file. To escape comma, use \,. Possible value: 443:accept-proxy, 80:name http |
||
| EXTRA_DEFAULT_SETTINGS | comma-separated string of extra settings, and each part will be appended to DEFAULT section in the configuration file. To escape comma, use \, |
||
| EXTRAFRONTEND_SETTINGS\ |
comma-separated string of extra settings, and each part will be appended frontend section with the port number specified in the name of the envvar. To escape comma, use \,. E.g. EXTRA_FRONTEND_SETTINGS_80=balance source, maxconn 2000 |
||
| EXTRA_GLOBAL_SETTINGS | comma-separated string of extra settings, and each part will be appended to GLOBAL section in the configuration file. To escape comma, use \,. Possible value: tune.ssl.cachesize 20000, tune.ssl.default-dh-param 2048 |
||
| EXTRA_ROUTE_SETTINGS | a string which is append to the each backend route after the health check, can be over written in the linked services. Possible value: "send-proxy" | ||
| EXTRA_SSL_CERTS | list of extra certificate names separated by comma, eg. CERT1, CERT2, CERT3. You also need to specify each certificate as separate env variables like so: CERT1="<cert-body1>", CERT2="<cert-body2>", CERT3="<cert-body3>" |
||
| FORCE_DEFAULT_BACKEND | True | set the default_service as a default backend. This is useful when you have more than one backend and you don't want your default_service as a default backend | |
| HEALTH_CHECK | check | set health check on each backend route, possible value: "check inter 2000 rise 2 fall 3". See:HAProxy:check | |
| HTTP_BASIC_AUTH | a comma-separated list of credentials(<user>:<pass>) for HTTP basic auth, which applies to all the backend routes. To escape comma, use \,. Attention: DO NOT rely on this for authentication in production |
||
| MAXCONN | 4096 | sets the maximum per-process number of concurrent connections. | |
| MODE | http | mode of load balancing for HAProxy. Possible values include: http, tcp, health |
|
| MONITOR_PORT | the port number where monitor_uri should be added to. Use together with MONTIOR_URI. Possible value: 80 |
||
| MONITOR_URI | the exact URI which we want to intercept to return HAProxy's health status instead of forwarding the request.See: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-monitor-uri. Possible value: /ping |
||
| OPTION | redispatch | comma-separated list of HAProxy option entries to the default section. |
|
| RSYSLOG_DESTINATION | 127.0.0.1 | the rsyslog destination to where HAProxy logs are sent | |
| SKIP_FORWARDED_PROTO | If set to any value, HAProxy will not add an X-Forwarded- headers. This can be used when combining HAProxy with another load balancer | ||
| SSL_BIND_CIPHERS | explicitly set which SSL ciphers will be used for the SSL server. This sets the HAProxy ssl-default-bind-ciphers configuration setting. |
||
| SSL_BIND_OPTIONS | no-sslv3 | explicitly set which SSL bind options will be used for the SSL server. This sets the HAProxy ssl-default-bind-options configuration setting. The default will allow only TLSv1.0+ to be used on the SSL server. |
|
| STATS_AUTH | stats:stats | username and password required to access the Haproxy stats. | |
| STATS_PORT | 1936 | port for the HAProxy stats section. If this port is published, stats can be accessed at http://<host-ip>:<STATS_PORT>/ |
|
| TIMEOUT | connect 5000, client 50000, server 50000 | comma-separated list of HAProxy timeout entries to the default section. |
|
| NBPROC | 1 | sets the nbproc entry to the global section. By default, only one process is created, which is the recommended mode of operation. |