ungleich-k8s/apps/haproxy/haproxy-v2.cfg

global
    log stdout format raw local0

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

resolvers mydns
  parse-resolv-conf

defaults
    retries                 3
    log global
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s

frontend f_https
    bind ipv6@:6443
    mode tcp

    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower

    default_backend b_https

backend b_https
    mode tcp

    tcp-request content set-dst var(txn.myip)
    server tcp_https ipv6@*
haproxy updates 2021-07-16 14:27:28 +00:00			`global`
			`log stdout format raw local0`

			`# turn on stats unix socket`
			`stats socket /var/lib/haproxy/stats`

			`resolvers mydns`
			`parse-resolv-conf`

			`defaults`
			`retries 3`
			`log global`
			`timeout http-request 10s`
			`timeout queue 1m`
			`timeout connect 10s`
			`timeout client 1m`
			`timeout server 1m`
			`timeout http-keep-alive 10s`
			`timeout check 10s`

			`frontend f_https`
			`bind ipv6@:6443`
			`mode tcp`

			`tcp-request inspect-delay 5s`
			`tcp-request content accept if { req_ssl_hello_type 1 }`
			`tcp-request content reject unless { req_ssl_sni -i k8s.ooo }`
			`tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower`

			`default_backend b_https`

			`backend b_https`
			`mode tcp`

			`tcp-request content set-dst var(txn.myip)`
			`server tcp_https ipv6@*`