-
-
Save coolaj86/2faa07aa535e6dc04639 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# See also | |
# https://coolaj86.com/articles/adventures-in-haproxy-tcp-tls-https-ssh-openvpn/ | |
# https://marc.info/?l=haproxy&m=143587574024358&w=2 | |
# https://marc.info/?l=haproxy&m=143586100819897&w=2 | |
# | |
global | |
log /var/lib/haproxy/dev/log local0 | |
#log /dev/log local0 | |
#log /dev/log local1 notice | |
chroot /var/lib/haproxy | |
user haproxy | |
group haproxy | |
daemon | |
defaults | |
log global | |
mode http | |
option httplog | |
option dontlognull | |
timeout connect 5000 | |
timeout client 50000 | |
timeout server 50000 | |
errorfile 400 /etc/haproxy/errors/400.http | |
errorfile 403 /etc/haproxy/errors/403.http | |
errorfile 408 /etc/haproxy/errors/408.http | |
errorfile 500 /etc/haproxy/errors/500.http | |
errorfile 502 /etc/haproxy/errors/502.http | |
errorfile 503 /etc/haproxy/errors/503.http | |
errorfile 504 /etc/haproxy/errors/504.http | |
frontend foo_ft_https | |
log global | |
mode tcp | |
option tcplog | |
bind 0.0.0.0:64443 | |
tcp-request inspect-delay 5s | |
tcp-request content accept if { req.ssl_hello_type 1 } | |
acl foo_app_bar req.ssl_sni -i bar.example.com | |
acl foo_app_baz req.ssl_sni -i baz.example.com | |
use_backend foo_bk_bar if foo_app_bar | |
use_backend foo_bk_baz if foo_app_baz | |
default_backend foo_bk_default | |
backend foo_bk_default | |
log global | |
mode tcp | |
option tcplog | |
server foo_srv_default 127.0.0.1:1443 | |
backend foo_bk_bar | |
log global | |
mode tcp | |
option tcplog | |
server foo_srv_bar 127.0.0.1:2443 | |
backend foo_bk_baz | |
log global | |
mode tcp | |
option tcplog | |
server foo_srv_baz 127.0.0.1:3443 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment