Skip to content

Instantly share code, notes, and snippets.

@UnixSage
Last active Mar 17, 2018
Embed
What would you like to do?
Using haproxy as a shim between a SSLv3 Interface and a modern browser
global
daemon
maxconn 1028
tune.ssl.default-dh-param 1024
user haproxy
group haproxy
log 127.0.0.1 local0
defaults
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend https_443_frontend
bind *:443 ssl crt /etc/ssl/certs/targeturl.pem
mode http
option forwardfor
option http-server-close
option httpclose
# we add this so the backend servers know the request was ssl
# otherwise we could end up in a redirect loop
reqadd X-Forwarded-Proto:\ https
default_backend http_443_backend
backend http_443_backend
mode http
balance roundrobin
timeout connect 5s
timeout server 30s
server web01 target.example.com:443 weight 1 maxconn 100 check ssl verify none force-sslv3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment