Created
October 2, 2020 03:58
-
-
Save fefz/28e9156416588bb3b607270103a90328 to your computer and use it in GitHub Desktop.
use Haproxy to route different proxy app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # haproxy1.8 version | |
| global | |
| log /dev/log local0 | |
| log /dev/log local1 notice | |
| chroot /var/lib/haproxy | |
| stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners | |
| stats timeout 30s | |
| user haproxy | |
| group haproxy | |
| daemon | |
| # Default SSL material locations | |
| ca-base /etc/ssl/certs | |
| crt-base /etc/ssl/private | |
| # Default ciphers to use on SSL-enabled listening sockets. | |
| # For more information, see ciphers(1SSL). This list is from: | |
| # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ | |
| # An alternative list with additional directives can be obtained from | |
| # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy | |
| ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |
| ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |
| ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 | |
| tune.ssl.default-dh-param 2048 | |
| defaults | |
| log global | |
| mode http | |
| option httplog | |
| option dontlognull | |
| timeout connect 5000 | |
| timeout client 50000 | |
| timeout server 50000 | |
| errorfile 400 /etc/haproxy/errors/400.http | |
| errorfile 403 /etc/haproxy/errors/403.http | |
| errorfile 408 /etc/haproxy/errors/408.http | |
| errorfile 500 /etc/haproxy/errors/500.http | |
| errorfile 502 /etc/haproxy/errors/502.http | |
| errorfile 503 /etc/haproxy/errors/503.http | |
| errorfile 504 /etc/haproxy/errors/504.http | |
| frontend ssl | |
| mode tcp | |
| bind *:443 | |
| tcp-request inspect-delay 5s | |
| tcp-request content accept if { req.ssl_hello_type 1 } | |
| acl web req_ssl_sni -i 0xffff.top | |
| acl web req_ssl_sni -i www.0xffff.top | |
| acl trojan req_ssl_sni -i t.0xffff.top | |
| acl v2ray req_ssl_sni -i v.0xffff.top | |
| use_backend web_back if web | |
| use_backend trojan_back if trojan | |
| use_backend v2ray_back if v2ray | |
| backend v2ray_back | |
| mode tcp | |
| server v2ray 127.0.0.1:8899 | |
| backend web_back | |
| mode tcp | |
| server caddy 127.0.0.1:8888 | |
| backend trojan_back | |
| mode tcp | |
| server trojan 127.0.0.1:8889 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment