-
-
Save ResDiaryLewis/9ebbcc72c9188158c4ecdc78fb989492 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global | |
| maxconn 20000 | |
| frontend ssl | |
| maxconn 10000 | |
| # Listen to port 443 and decrypt traffic | |
| bind *:443 ssl crt /etc/haproxy/certs.d/cert.pem no-sslv3 | |
| mode http | |
| # ... | |
| # Output to man-in-the-middle backend | |
| default_backend ssl_termination_backend | |
| backend ssl_termination_backend | |
| mode http | |
| # Output to port 2802, which ssl_termination_frontend listens to | |
| server ssl_termination_server localhost:2802 | |
| frontend ssl_termination_frontend | |
| maxconn 15000 | |
| # Listen to port 2802 | |
| bind :2802 | |
| mode http | |
| # Output to https backend | |
| default_backend ssl_backend | |
| backend ssl_backend | |
| mode http | |
| balance | |
| http-request set-header Host server.com | |
| # ... | |
| # Output to server.com, log as http_server | |
| server https_server server.com:443 ssl ca-file /etc/haproxy/certs.d/cert.pem sni req.hdr(host) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment