HAProxy Skype for Business 2015 OpenWRT Let's Encrypt LetsEncrypt SfB without Web Application Proxy WAP
# Global parameters | |
# Process-wide settings: logging targets, connection and descriptor limits,
# process identity, and the TLS defaults inherited by every "bind ... ssl" line.
global | |
# Log events to a remote syslog server at given address using the | |
# specified facility and verbosity level. Multiple log options | |
# are allowed. | |
#log 10.0.0.1 daemon info | |
# Active targets: the local syslog socket, facility local0 at every level
# and facility local1 at "notice" and above.
log /dev/log local0 | |
log /dev/log local1 notice | |
# Specify the maximum number of allowed connections. | |
maxconn 32000 | |
# Raise the ulimit for the maximum allowed number of open socket | |
# descriptors per process. This is usually at least twice the | |
# number of allowed connections (maxconn * 2 + nb_servers + 1) . | |
ulimit-n 65535 | |
# Drop privileges (setuid, setgid), default is "root" on OpenWrt. | |
# NOTE(review): uid 0 / gid 0 is root, so as written no privileges are
# dropped; the process that terminates TLS on the external address keeps
# running as root. To actually drop privileges, point both at a dedicated
# unprivileged account, e.g. "uid <HAPROXY_UID>" / "gid <HAPROXY_GID>"
# (placeholders), and make sure that account can still read the certificate
# bundle referenced by the bind line.
uid 0 | |
gid 0 | |
# Perform chroot into the specified directory. | |
# NOTE(review): left disabled here, so together with uid 0 nothing confines
# the process if it is compromised. If it is enabled, check that the
# /dev/log socket used above is still reachable from inside the chroot.
#chroot /var/run/haproxy/ | |
# Daemonize on startup | |
daemon | |
# Do not use kernel splicing to move data between sockets.
nosplice | |
# Enable debugging | |
#debug | |
# Spawn given number of processes and distribute load among them, | |
# used for multi-core environments or to circumvent per-process | |
# limits like number of open file descriptors. Default is 1. | |
# NOTE(review): newer HAProxy releases dropped nbproc in favour of threads
# (nbthread); confirm the installed version still accepts this keyword.
nbproc 2 | |
# Default cipher list for TLS 1.2 and older on every "bind ... ssl" line.
# Forward-secret (EC)DH suites come first and anonymous, MD5 and DSS suites
# are excluded. NOTE(review): the trailing RSA+AESGCM / RSA+AES entries also
# admit static-RSA key exchange, which has no forward secrecy, and several
# entries match CBC suites; trim the list if all clients support ECDHE + GCM.
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS | |
# Refuse SSLv3, TLS 1.0 and TLS 1.1 on listeners; TLS 1.2 and newer remain.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 | |
# Size in bits of the Diffie-Hellman parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048 | |
# Settings inherited by every proxy section that follows.
defaults | |
# Reuse the log targets declared in the global section.
log global | |
mode http | |
# Log in the detailed HTTP format (request line, status, timers).
option httplog | |
# Do not log connections on which no data was exchanged.
# NOTE(review): on an Internet-facing listener this also hides port scans
# and empty probes from the log; consider removing it if that visibility
# is wanted for detection.
option dontlognull | |
# NOTE(review): with forwardfor disabled no X-Forwarded-For header is added,
# so the backend presumably sees only the proxy's address and the client IP
# is recorded in the HAProxy log alone; keep these logs for incident response.
# option forwardfor | |
# option http-server-close | |
# Forward data without waiting to coalesce packets.
option http-no-delay | |
# Update traffic counters continuously instead of at the end of a session.
option contstats | |
# Emit the log line as soon as the headers are processed rather than at the
# end of the transfer, so byte counts and total time in it are partial.
option logasap | |
# Pick the server from a hash of the client source address.
balance source | |
# Timeouts without a unit are in milliseconds: 5 s to connect to the server,
# 50 s of client or server inactivity.
# NOTE(review): no "timeout http-request" is set, so a client that sends its
# request headers slowly is bounded only by the 50 s client timeout; a short
# explicit value limits how long such connections can hold a slot.
timeout connect 5000 | |
timeout client 50000 | |
timeout server 50000 | |
# Maximum time a request may wait in the queue for a free server slot.
timeout queue 30s | |
# skype | |
# Combined frontend/backend: terminates TLS on the external address and
# forwards every request to the single Skype for Business server below.
# NOTE(review): the section has no acl / http-request rules, so every host
# name and URL path that reaches port 443 is passed through unfiltered.
# Restricting it to the published host names and the paths external clients
# need would reduce what the internal server exposes.
listen skype_2015_proxy | |
# Disable this instance without commenting out the section. | |
#disabled | |
# Bind to port 443 | |
# fullchain.cer.all is a fullchain.cer combined with meet.domain.tld.key | |
# the certificate should also contain the webext.domain.tld,lyncdiscover.domain.tld,fs.domain.tld,dialin.domain.tld | |
# NOTE(review): because the bundle contains the private key, it should be
# readable only by the account HAProxy runs as, and the step that rebuilds
# it after each renewal should keep those permissions.
bind <EXTERNAL_IP>:443 ssl crt /etc/acme/meet.domain.tld/fullchain.cer.all alpn http/1.1 | |
# This is a HTTP proxy | |
mode http | |
# Capture the User-Agent Header, so that it is Added to the Log | |
capture request header User-Agent len 50 | |
# Also log the Content-Length of the request and of the response.
capture request header Content-Length len 120 | |
capture response header Content-Length len 120 | |
# Health-checked TLS connection to the internal server on port 4443.
# NOTE(review): "verify none" means the server certificate is never checked,
# so this hop is encrypted but not authenticated: any host answering on that
# address is trusted. If the internal CA certificate can be copied to the
# router, prefer "verify required ca-file <INTERNAL_CA_PEM>" together with
# "verifyhost <FRONTEND_FQDN>" (placeholders).
server SfB_Frontend <INTERNAL_IP>:4443 check ssl verify none | |