techotaku/haproxy.cfg

## haproxy.cfg
defaults
    timeout connect 5s
    timeout client 24h
    timeout server 24h

global
    log /dev/log local0

frontend ssl
    log global
    mode tcp
    option tcplog
    option dontlognull
    bind 0.0.0.0:443

    tcp-request inspect-delay 3s
    tcp-request content accept if { req.ssl_hello_type 1 }

    acl tls req.ssl_hello_type 1
    acl has_sni req.ssl_sni -m found

    use_backend ocserv if tls !has_sni
    use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
    use_backend nginx if tls has_sni
    default_backend nginx

backend ocserv
    mode tcp
    server sslvpn ocserv:443 send-proxy-v2

backend nginx
    mode tcp
    timeout server 5m
    server webserver nginx:443 send-proxy

backend shadowsocksr
    mode tcp
    server socks ssr:443
	defaults
	timeout connect 5s
	timeout client 24h
	timeout server 24h

	global
	log /dev/log local0

	frontend ssl
	log global
	mode tcp
	option tcplog
	option dontlognull
	bind 0.0.0.0:443

	tcp-request inspect-delay 3s
	tcp-request content accept if { req.ssl_hello_type 1 }

	acl tls req.ssl_hello_type 1
	acl has_sni req.ssl_sni -m found

	use_backend ocserv if tls !has_sni
	use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
	use_backend nginx if tls has_sni
	default_backend nginx

	backend ocserv
	mode tcp
	server sslvpn ocserv:443 send-proxy-v2

	backend nginx
	mode tcp
	timeout server 5m
	server webserver nginx:443 send-proxy

	backend shadowsocksr
	mode tcp
	server socks ssr:443