haproxy updates

12 months ago · db6345ce01
2 changed files with 37 additions and 1 deletions
--- a/apps/haproxy/haproxy-v2.cfg
+++ b/apps/haproxy/haproxy-v2.cfg
@ -0,0 +1,36 @@
+global
+    log stdout format raw local0
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+resolvers mydns
+  parse-resolv-conf
+
+defaults
+    retries                 3
+    log global
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+
+frontend f_https
+    bind ipv6@:6443
+    mode tcp
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+    tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
+    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
+
+    default_backend b_https
+
+backend b_https
+    mode tcp
+
+    tcp-request content set-dst var(txn.myip)
+    server tcp_https ipv6@*
--- a/apps/haproxy/haproxy.cfg
+++ b/apps/haproxy/haproxy.cfg
@ -48,9 +48,9 @@ frontend f_https

    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
+    tcp-request deny unless { req_ssl_sni -i k8s.ooo }
    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower

-
    default_backend b_https

 backend b_https