projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
010-security.debian.org.conf: explicitly bind to localhost
[mirror/dsa-puppet.git] / modules / roles / templates / snapshot / haproxy.cfg.erb
diff --git a/modules/roles/templates/snapshot/haproxy.cfg.erb b/modules/roles/templates/snapshot/haproxy.cfg.erb
index 9d8edfb..b711534 100644 (file)
--- a/modules/roles/templates/snapshot/haproxy.cfg.erb
+++ b/modules/roles/templates/snapshot/haproxy.cfg.erb
@@ -27,6 +27,7 @@ defaults
        mode    http
        option  httplog
        option  dontlognull
+       option  forwardfor
        timeout connect 5000
        timeout client  50000
        timeout server  50000
@@ -49,6 +50,10 @@ frontend front_ssl
        default_backend backend
 
        option http-keep-alive
+       # We rate-limit requests by clients.
+       #  Currently, we do that at the netfilter level, so one
+       #  request per connection works best.
+       option httpclose
        #option redispatch
 
 backend backend
Unnamed repository; edit this file 'description' to name the repository.