-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhaproxy.cfg
More file actions
103 lines (83 loc) · 2.83 KB
/
haproxy.cfg
File metadata and controls
103 lines (83 loc) · 2.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
global
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 1d
# log /dev/log local0
# log /dev/log local1 notice
# log /dev/log local0 info
tune.h2.initial-window-size 2147483647
tune.ssl.default-dh-param 2048
pidfile /run/haproxy.pid
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
defaults
log global
mode tcp
option dontlognull
timeout connect 200ms
timeout client 300s
timeout server 300s
frontend multiport
mode tcp
bind-process 1 2
bind *:222-1000 tfo
bind *:443 tfo
bind *:8443 tfo
tcp-request inspect-delay 500ms
tcp-request content accept if HTTP
tcp-request content accept if { req.ssl_hello_type 1 }
use_backend recir_http if HTTP
default_backend recir_https
frontend multiports
mode tcp
bind abns@haproxy-http accept-proxy tfo
default_backend recir_https_www
frontend ssl
mode tcp
bind-process 1
bind *:80 tfo
bind *:55 tfo
bind *:8080 tfo
bind *:8880 tfo
bind abns@haproxy-https accept-proxy ssl crt /etc/haproxy/hap.pem alpn h2,http/1.1 tfo
tcp-request inspect-delay 500ms
tcp-request content capture req.ssl_sni len 100
tcp-request content accept if { req.ssl_hello_type 1 }
acl chk-02_up hdr(Connection) -i upgrade
acl chk-02_ws hdr(Upgrade) -i websocket
acl this_payload payload(0,7) -m bin 5353482d322e30
acl up-to ssl_fc_alpn -i h2
use_backend GRUP_FTVPN if up-to
use_backend FTVPN if chk-02_up chk-02_ws
use_backend FTVPN if { path_reg -i ^\/(.*) }
use_backend BOT_FTVPN if this_payload
default_backend CHANNEL_FTVPN
backend recir_https_www
mode tcp
server misssv-bau 127.0.0.1:2223 check
backend FTVPN
mode http
server hencet-bau 127.0.0.1:1010 send-proxy check
backend GRUP_FTVPN
mode tcp
server hencet-baus 127.0.0.1:1013 send-proxy check
backend CHANNEL_FTVPN
mode tcp
balance roundrobin
server nonok-bau 127.0.0.1:1194 check
server memek-bau 127.0.0.1:1012 send-proxy check
backend BOT_FTVPN
mode tcp
server misv-bau 127.0.0.1:2222 check
backend recir_http
mode tcp
server loopback-for-http abns@haproxy-http send-proxy-v2 check
backend recir_https
mode tcp
server loopback-for-https abns@haproxy-https send-proxy-v2 check