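global
    # Syslog over the local /dev/log socket: all messages to facility local0,
    # and messages of level "notice" or more severe additionally to local1.
    # (The address and the facility are separate arguments.)
    log /dev/log local0
    log /dev/log local1 notice

    # Privilege reduction: chroot into /var/lib/haproxy and run as the
    # haproxy user and group, detached as a daemon.
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

    # Runtime API socket. "level admin" permits every runtime command, so
    # access control rests on the 0660 file mode.
    # NOTE(review): confirm the socket's owner/group and who belongs to that
    # group; anyone who can write to this socket controls the running proxy.
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s

    # Base directories for relative CA and certificate/key paths.
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Defaults for TLS-terminating "bind ... ssl" lines: TLS 1.2 minimum,
    # ECDHE/DHE key exchange with AEAD ciphers only, session tickets off.
    # The "bind *:443" in the frontend of this file has no "ssl" keyword, so
    # these settings are not applied to that listener; the TLS policy clients
    # actually get is whatever the backend servers enforce.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
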
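defaults
    # Inherit the log targets declared in the global section.
    log global
    # Layer-4 proxying: connections are relayed without parsing HTTP, and
    # each one is logged in the TCP log format.
    mode tcp
    option tcplog

    # Timeouts without a unit are in milliseconds: 5 s to connect to a
    # server, 50 s of inactivity on the client or server side.
    timeout connect 5000
    timeout client 50000
    timeout server 50000

    # Custom HTTP error responses. Every proxy shown in this file runs in
    # "mode tcp", so nothing here would emit them.
    # NOTE(review): presumably carried over from the distribution default;
    # confirm whether an HTTP-mode proxy defined elsewhere relies on them.
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
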
frontend proxy
    # TLS passthrough entry point: listens on port 443 without the "ssl"
    # keyword, so HAProxy never decrypts traffic and routes purely on the
    # server name sent in the clear in the ClientHello.
    bind *:443
    mode tcp
    option tcplog
    maxconn 10000

    # Buffer the start of the connection for up to 5 s and stop waiting as
    # soon as a TLS ClientHello (handshake type 1) has been seen.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Case-insensitive match on the SNI host name.
    # NOTE(review): "bbb.domain.de.de" looks like a placeholder; confirm the
    # real host name before relying on this rule.
    acl Nextcloud req_ssl_sni -i nextcloud.hhf.technology
    acl BigBlueButton req_ssl_sni -i bbb.domain.de.de

    use_backend Nextcloud if Nextcloud
    use_backend BigBlueButton if BigBlueButton
    # NOTE(review): no default_backend is declared in this section, so a
    # connection with a missing or unknown SNI has no backend to go to.
    # That is a reasonable fail-closed choice; confirm it is intentional and
    # watch the TCP log for such connections.

backend Nextcloud
    # Passthrough backend: the encrypted stream is relayed unchanged and the
    # server at 192.168.2.206 terminates TLS itself.
    mode tcp
    fullconn 5000
    balance source

    # Stickiness keyed on the TLS session ID: payload_lv(43,1) reads the
    # length-prefixed field at offset 43 of the hello message, learned from
    # the ServerHello (type 2) and matched against later ClientHellos (type 1).
    # Entries are up to 32 bytes, at most 1m of them, expiring after 600m.
    # NOTE(review): only one server is declared here, so neither "balance
    # source" nor the stick rules have anything to choose between; TLS 1.3
    # resumption also does not rely on the session ID. Confirm the table is
    # still wanted, since it costs memory per tracked entry.
    stick-table type binary len 32 size 1m expire 600m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello

    # Health check: sends an SSLv3-style ClientHello and expects a
    # ServerHello in reply.
    # NOTE(review): a server with legacy protocol versions disabled may fail
    # this probe; verify against the real server or consider "check-ssl".
    option ssl-hello-chk
    # NOTE(review): in passthrough mode without the PROXY protocol the server
    # sees HAProxy's address as the peer, which affects per-client logging
    # and throttling on the application side; confirm how that is handled.
    server Nextcloud 192.168.2.206:443 check maxconn 5000

backend BigBlueButton
    # Passthrough backend: the encrypted stream is relayed unchanged and the
    # server at 192.168.2.234 terminates TLS itself.
    mode tcp
    fullconn 5000
    balance source

    # Stickiness keyed on the TLS session ID: payload_lv(43,1) reads the
    # length-prefixed field at offset 43 of the hello message, learned from
    # the ServerHello (type 2) and matched against later ClientHellos (type 1).
    # Entries are up to 32 bytes, at most 1m of them, expiring after 600m.
    # NOTE(review): only one server is declared here, so neither "balance
    # source" nor the stick rules have anything to choose between; TLS 1.3
    # resumption also does not rely on the session ID. Confirm the table is
    # still wanted, since it costs memory per tracked entry.
    stick-table type binary len 32 size 1m expire 600m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello

    # Health check: sends an SSLv3-style ClientHello and expects a
    # ServerHello in reply.
    # NOTE(review): a server with legacy protocol versions disabled may fail
    # this probe; verify against the real server or consider "check-ssl".
    option ssl-hello-chk
    # NOTE(review): in passthrough mode without the PROXY protocol the server
    # sees HAProxy's address as the peer, which affects per-client logging
    # and throttling on the application side; confirm how that is handled.
    server BigBlueButton 192.168.2.234:443 check maxconn 5000