UnixSage/25af7fac6a53bed9f1801fb4cf9a7c12
Last active March 17, 2018 14:20
Using HAProxy as a shim between an SSLv3 interface and a modern browser
global
    daemon
    maxconn 1028
    tune.ssl.default-dh-param 1024
    user haproxy
    group haproxy
    log 127.0.0.1 local0

defaults
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend https_443_frontend
    # terminate TLS from the browser using this certificate and key
    bind *:443 ssl crt /etc/ssl/certs/targeturl.pem
    mode http
    option forwardfor
    option http-server-close
    option httpclose
    # we add this so the backend servers know the request was ssl
    # otherwise we could end up in a redirect loop
    reqadd X-Forwarded-Proto:\ https
    default_backend http_443_backend

backend http_443_backend
    mode http
    balance roundrobin
    timeout connect 5s
    timeout server 30s
    # re-encrypt to the legacy interface: SSLv3 only, backend certificate not verified
    server web01 target.example.com:443 weight 1 maxconn 100 check ssl verify none force-sslv3
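
A hardened variant of the shim above, as an added example that is not part of the original gist: it keeps SSLv3 toward the legacy interface but requires TLS 1.2 from browsers and authenticates the backend against a pinned certificate. It assumes HAProxy 1.8 or later; the bind address 192.0.2.10 and the path /etc/haproxy/legacy-device.pem are placeholders.

```haproxy
# Added example: hardened variant of the shim (assumes HAProxy 1.8+).
global
    daemon
    maxconn 1028
    user haproxy
    group haproxy
    log 127.0.0.1 local0
    # 2048-bit DH parameters for any DHE suites offered to browsers
    tune.ssl.default-dh-param 2048
    # Browser-facing side: refuse anything older than TLS 1.2
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    timeout connect 5s
    timeout client 50s
    timeout server 30s

frontend https_443_frontend
    # 192.0.2.10 is a placeholder: listen only on the management-side address
    bind 192.0.2.10:443 ssl crt /etc/ssl/certs/targeturl.pem
    option forwardfor
    option http-server-close
    # Same header as the reqadd line, in the http-request form
    http-request set-header X-Forwarded-Proto https
    default_backend http_443_backend

backend http_443_backend
    # SSLv3 stays because the legacy interface speaks nothing else, but the
    # peer is now authenticated: legacy-device.pem (placeholder path) holds
    # the device's own certificate, exported once over a trusted link.
    server web01 target.example.com:443 maxconn 100 check ssl force-sslv3 verify required ca-file /etc/haproxy/legacy-device.pem
```

With `verify required`, a backend that presents a different certificate fails the health check and receives no traffic, where `verify none` would accept it.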