coolaj86/haproxy.cfg Secret

## haproxy.cfg
#
# See also
#   https://coolaj86.com/articles/adventures-in-haproxy-tcp-tls-https-ssh-openvpn/
#   https://marc.info/?l=haproxy&m=143587574024358&w=2
#   https://marc.info/?l=haproxy&m=143586100819897&w=2
#

global
        log /var/lib/haproxy/dev/log    local0
        #log /dev/log   local0
        #log /dev/log   local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend foo_ft_https
        log     global
        mode tcp
        option tcplog
        bind 0.0.0.0:64443

        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }

        acl foo_app_bar req.ssl_sni -i bar.example.com
        acl foo_app_baz req.ssl_sni -i baz.example.com

        use_backend foo_bk_bar if foo_app_bar
        use_backend foo_bk_baz if foo_app_baz

        default_backend foo_bk_default

backend foo_bk_default
        log     global
        mode tcp
        option tcplog

        server foo_srv_default 127.0.0.1:1443

backend foo_bk_bar
        log     global
        mode tcp
        option tcplog

        server foo_srv_bar 127.0.0.1:2443

backend foo_bk_baz
        log     global
        mode tcp
        option tcplog

        server foo_srv_baz 127.0.0.1:3443
	#
	# See also
	# https://coolaj86.com/articles/adventures-in-haproxy-tcp-tls-https-ssh-openvpn/
	# https://marc.info/?l=haproxy&m=143587574024358&w=2
	# https://marc.info/?l=haproxy&m=143586100819897&w=2
	#

	global
	log /var/lib/haproxy/dev/log local0
	#log /dev/log local0
	#log /dev/log local1 notice
	chroot /var/lib/haproxy
	user haproxy
	group haproxy
	daemon

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	timeout connect 5000
	timeout client 50000
	timeout server 50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

	frontend foo_ft_https
	log global
	mode tcp
	option tcplog
	bind 0.0.0.0:64443

	tcp-request inspect-delay 5s
	tcp-request content accept if { req.ssl_hello_type 1 }

	acl foo_app_bar req.ssl_sni -i bar.example.com
	acl foo_app_baz req.ssl_sni -i baz.example.com

	use_backend foo_bk_bar if foo_app_bar
	use_backend foo_bk_baz if foo_app_baz

	default_backend foo_bk_default

	backend foo_bk_default
	log global
	mode tcp
	option tcplog

	server foo_srv_default 127.0.0.1:1443

	backend foo_bk_bar
	log global
	mode tcp
	option tcplog

	server foo_srv_bar 127.0.0.1:2443

	backend foo_bk_baz
	log global
	mode tcp
	option tcplog

	server foo_srv_baz 127.0.0.1:3443