haproxy_ref.cfg

global
    log stdout format raw local0

    # log /dev/log    local0
    # log /dev/log    local1 notice
    # chroot /var/lib/haproxy
    # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    # stats timeout 30s
    # user haproxy
    # group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    # option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /usr/local/etc/haproxy/errors/400.http
    errorfile 403 /usr/local/etc/haproxy/errors/403.http
    errorfile 408 /usr/local/etc/haproxy/errors/408.http
    errorfile 500 /usr/local/etc/haproxy/errors/500.http
    errorfile 502 /usr/local/etc/haproxy/errors/502.http
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
    errorfile 504 /usr/local/etc/haproxy/errors/504.http

frontend ccloud
        mode tcp
        bind *:9092
        bind *:443
        log global

        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }

###  SNI Config
        acl is_broker0 req.ssl_sni -i b0-BOOTSTRAP_HOSTNAME
        acl is_broker1 req.ssl_sni -i b1-BOOTSTRAP_HOSTNAME
        acl is_broker2 req.ssl_sni -i b2-BOOTSTRAP_HOSTNAME
        acl is_broker3 req.ssl_sni -i b3-BOOTSTRAP_HOSTNAME
        # acl is_broker4 req.ssl_sni -i b4-BOOTSTRAP_HOSTNAME
        # acl is_broker5 req.ssl_sni -i b5-BOOTSTRAP_HOSTNAME
        # acl is_broker6 req.ssl_sni -i b6-BOOTSTRAP_HOSTNAME
        # acl is_broker7 req.ssl_sni -i b7-BOOTSTRAP_HOSTNAME
        # acl is_broker8 req.ssl_sni -i b8-BOOTSTRAP_HOSTNAME
        # acl is_broker9 req.ssl_sni -i b9-BOOTSTRAP_HOSTNAME
        # acl is_broker10 req.ssl_sni -i b10-BOOTSTRAP_HOSTNAME
        # acl is_broker11 req.ssl_sni -i b11-BOOTSTRAP_HOSTNAME
        # acl is_broker12 req.ssl_sni -i b12-BOOTSTRAP_HOSTNAME
        # acl is_broker13 req.ssl_sni -i b13-BOOTSTRAP_HOSTNAME
        # acl is_broker14 req.ssl_sni -i b14-BOOTSTRAP_HOSTNAME
        # acl is_broker15 req.ssl_sni -i b15-BOOTSTRAP_HOSTNAME
        # acl is_broker16 req.ssl_sni -i b16-BOOTSTRAP_HOSTNAME
        # acl is_broker17 req.ssl_sni -i b17-BOOTSTRAP_HOSTNAME
        # acl is_broker18 req.ssl_sni -i b18-BOOTSTRAP_HOSTNAME
        # acl is_broker19 req.ssl_sni -i b19-BOOTSTRAP_HOSTNAME
        # acl is_broker20 req.ssl_sni -i b20-BOOTSTRAP_HOSTNAME
        # acl is_broker21 req.ssl_sni -i b21-BOOTSTRAP_HOSTNAME
        # acl is_broker22 req.ssl_sni -i b22-BOOTSTRAP_HOSTNAME
        # acl is_broker23 req.ssl_sni -i b23-BOOTSTRAP_HOSTNAME

        acl is_bootstrap req.ssl_sni -i BOOTSTRAP_HOSTNAME

        acl is_admin_api req.ssl_sni -i ADMIN_API_HOSTNAME

        use_backend broker0 if is_broker0
        use_backend broker1 if is_broker1
        use_backend broker2 if is_broker2
        use_backend broker3 if is_broker3
        # use_backend broker4 if is_broker4
        # use_backend broker5 if is_broker5
        # use_backend broker6 if is_broker6
        # use_backend broker7 if is_broker7
        # use_backend broker8 if is_broker8
        # use_backend broker9 if is_broker9
        # use_backend broker10 if is_broker10
        # use_backend broker11 if is_broker11
        # use_backend broker12 if is_broker12
        # use_backend broker13 if is_broker13
        # use_backend broker14 if is_broker14
        # use_backend broker15 if is_broker15
        # use_backend broker16 if is_broker16
        # use_backend broker17 if is_broker17
        # use_backend broker18 if is_broker18
        # use_backend broker19 if is_broker19
        # use_backend broker20 if is_broker20
        # use_backend broker21 if is_broker21
        # use_backend broker22 if is_broker22
        # use_backend broker23 if is_broker23

        use_backend bootstrap if is_bootstrap

        use_backend admin_api if is_admin_api

### backend definitions 
backend broker0
        mode tcp
        server broker0 b0-BOOTSTRAP_HOSTNAME:9092 check

backend broker1
        mode tcp
        server broker1 b1-BOOTSTRAP_HOSTNAME:9092 check

backend broker2
        mode tcp
        server broker2 b2-BOOTSTRAP_HOSTNAME:9092 check

backend broker3
        mode tcp
        server broker3 b3-BOOTSTRAP_HOSTNAME:9092 check

# backend broker4
#         mode tcp
#         server broker4 b4-BOOTSTRAP_HOSTNAME:9092 check

# backend broker5
#         mode tcp
#         server broker5 b5-BOOTSTRAP_HOSTNAME:9092 check

# backend broker6
#         mode tcp
#         server broker6 b6-BOOTSTRAP_HOSTNAME:9092 check

# backend broker7
#         mode tcp
#         server broker7 b7-BOOTSTRAP_HOSTNAME:9092 check

# backend broker8
#         mode tcp
#         server broker8 b8-BOOTSTRAP_HOSTNAME:9092 check

# backend broker9
#         mode tcp
#         server broker9 b9-BOOTSTRAP_HOSTNAME:9092 check

# backend broker10
#         mode tcp
#         server broker10 b10-BOOTSTRAP_HOSTNAME:9092 check

# backend broker11
#         mode tcp
#         server broker11 b11-BOOTSTRAP_HOSTNAME:9092 check

# backend broker12
#         mode tcp
#         server broker12 b12-BOOTSTRAP_HOSTNAME:9092 check

# backend broker13
#         mode tcp
#         server broker13 b13-BOOTSTRAP_HOSTNAME:9092 check

# backend broker14
#         mode tcp
#         server broker14 b14-BOOTSTRAP_HOSTNAME:9092 check

# backend broker15
#         mode tcp
#         server broker15 b15-BOOTSTRAP_HOSTNAME:9092 check

# backend broker16
#         mode tcp
#         server broker16 b16-BOOTSTRAP_HOSTNAME:9092 check

# backend broker17
#         mode tcp
#         server broker17 b17-BOOTSTRAP_HOSTNAME:9092 check

# backend broker18
#         mode tcp
#         server broker18 b18-BOOTSTRAP_HOSTNAME:9092 check

# backend broker19
#         mode tcp
#         server broker19 b19-BOOTSTRAP_HOSTNAME:9092 check

# backend broker20
#         mode tcp
#         server broker20 b20-BOOTSTRAP_HOSTNAME:9092 check

# backend broker21
#         mode tcp
#         server broker21 b21-BOOTSTRAP_HOSTNAME:9092 check

# backend broker22
#         mode tcp
#         server broker22 b22-BOOTSTRAP_HOSTNAME:9092 check

# backend broker23
#         mode tcp
#         server broker23 b23-BOOTSTRAP_HOSTNAME:9092 check

backend bootstrap
        mode tcp
        server bootstrap BOOTSTRAP_HOSTNAME:9092 check

backend admin_api
        mode tcp
        server admin_api ADMIN_API_HOSTNAME:443 check