forked from alebedev87/haproxy-timeout-tunnel
haproxy-tunnel-minimal.config
# Process-wide settings: connection ceiling, thread count, logging, buffer
# tuning and the TLS defaults inherited by every "bind ... ssl" line.
global
maxconn 50000
nbthread 4
# Log to stdout, facility local0, up to debug level, lines capped at 4096 bytes.
# NOTE(review): debug logging is verbose and records request details; the
# file name suggests a minimal test setup - confirm before reusing elsewhere.
log stdout len 4096 local0 debug
# Relative CA and certificate paths resolve under /etc/ssl. The only "crt"
# in this file uses an absolute path, so crt-base does not affect it.
ca-base /etc/ssl
crt-base /etc/ssl
tune.maxrewrite 8192
tune.bufsize 32768
# TLS listeners refuse protocol versions older than TLS 1.2.
ssl-default-bind-options ssl-min-ver TLSv1.2
# DH parameter size for the DHE-RSA suites listed below.
tune.ssl.default-dh-param 2048
# TLS 1.2 suites: every entry is an AEAD cipher (AES-GCM or ChaCha20-Poly1305)
# with ECDHE or DHE key exchange, so all of them provide forward secrecy.
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
# TLS 1.3 suites.
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
# Settings inherited by every frontend and backend below unless a section
# overrides them (front_ssl overrides the log format, back_http the tunnel
# timeout).
defaults
maxconn 50000
option httplog
log global
timeout connect 5s
timeout client 30s
timeout client-fin 1s
timeout server 30s
timeout server-fin 1s
# Upper bound on how long a client may take to send a complete request;
# this is what limits slow-request connection holding.
timeout http-request 10s
timeout http-keep-alive 300s
# Inactivity timeout for tunnelled connections such as WebSocket.
# NOTE(review): the previous comment called this a "long" timeout, but 5s is
# shorter than the 30s client/server timeouts above. Presumably the short
# value is deliberate for exercising tunnel-timeout behaviour - confirm.
# back_http sets its own value of 15s.
timeout tunnel 5s
# Public TCP entry point: listens on port 8843 on all addresses and hands the
# still-encrypted stream to be_sni. No TLS is terminated here.
frontend front_ssl
option tcplog
bind :8843
# Wait up to 5s for client data so the rule below can inspect the first bytes.
tcp-request inspect-delay 5s
# Stop waiting and accept as soon as a TLS ClientHello (hello type 1) is seen.
# NOTE(review): there is no "tcp-request content reject" rule, so a connection
# that never sends a ClientHello is presumably still forwarded once the delay
# expires and only fails at the TLS handshake in fe_sni. Add an explicit
# reject if non-TLS traffic should be dropped at this layer - confirm.
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend be_sni
# Loops the raw TLS stream back into this HAProxy over a local UNIX socket.
# send-proxy prepends a PROXY protocol header so that fe_sni, which listens
# on the same socket with accept-proxy, receives the original client address.
backend be_sni
server fe_sni unix@/tmp/haproxy-sni.sock weight 1 send-proxy
# Internal frontend: terminates TLS for connections arriving from be_sni over
# the UNIX socket, then processes them as HTTP.
frontend fe_sni
# accept-proxy makes this listener trust the PROXY header of whoever connects
# to the socket, so the client address seen downstream is only as reliable as
# the socket's access control.
# NOTE(review): both the socket and the certificate file (which presumably
# also holds the private key) live in /tmp, normally a world-writable
# directory. No "mode", "user" or "group" is set on the bind line, so socket
# permissions follow the process umask. Outside a throwaway test setup,
# consider a private runtime directory and explicit socket permissions.
bind unix@/tmp/haproxy-sni.sock ssl crt /tmp/default.pem accept-proxy
mode http
# Drop any client-supplied "Proxy" request header before it reaches the
# application (the usual httpoxy mitigation).
http-request del-header Proxy
# Normalise the Host header to lower case.
http-request set-header Host %[req.hdr(Host),lower]
use_backend back_http
# HTTP backend with a single plain-HTTP server on localhost. Adds forwarding
# headers and a stickiness cookie before passing requests on.
backend back_http
mode http
# NOTE(review): with only one server declared, redispatch and the balancing
# algorithm have nothing to choose between.
option redispatch
# Appends the client address to X-Forwarded-For.
option forwardfor
balance random
# Overrides the 5s tunnel timeout from the defaults section for this backend.
timeout tunnel 15s
# NOTE(review): the server line below has no "check" keyword, so this timeout
# presumably has no effect as written - confirm.
timeout check 5000ms
# NOTE(review): add-header appends a new header line and leaves existing ones
# in place, so X-Forwarded-* and Forwarded values sent by the client reach the
# application alongside the ones added here. The application must use only the
# last occurrence, or these rules should become set-header (or be preceded by
# del-header) if client-supplied values must never be seen.
http-request add-header X-Forwarded-Host %[req.hdr(host)]
http-request add-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto http if !{ ssl_fc }
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 }
# Forwarded header assembled from the source address, the Host header and
# X-Forwarded-Proto. req.hdr() without an occurrence index returns the last
# occurrence, i.e. the X-Forwarded-Proto value appended just above.
# NOTE(review): the values are inserted unquoted; a host with a port or an
# IPv6 source address may need quoting to form a valid Forwarded header.
http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
# Stickiness cookie inserted by HAProxy. "indirect" strips it from requests
# before they are forwarded to the server; "httponly" and "secure" keep it
# away from scripts and off plain-HTTP connections.
# SameSite=None permits cross-site sending.
cookie e820bb4044bb4e95dea397e6f06653e9 insert indirect nocache httponly secure attr SameSite=None
# Plain HTTP to a local server; the "cookie" value identifies this server in
# the stickiness cookie above.
server www 127.0.0.1:8080 cookie 01d48acbfbe0b6632bbf35be590cab0a weight 1