haproxy updates

apps/haproxy/haproxy-v2.cfg

@@ -0,0 +1,36 @@
+global
+    log stdout format raw local0
+
+    # turn on stats unix socket
+    stats socket /var/lib/haproxy/stats
+
+resolvers mydns
+  parse-resolv-conf
+
+defaults
+    retries                 3
+    log global
+    timeout http-request    10s
+    timeout queue           1m
+    timeout connect         10s
+    timeout client          1m
+    timeout server          1m
+    timeout http-keep-alive 10s
+    timeout check           10s
+
+frontend f_https
+    bind ipv6@:6443
+    mode tcp
+
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+    tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
+    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
+
+    default_backend b_https
+
+backend b_https
+    mode tcp
+
+    tcp-request content set-dst var(txn.myip)
+    server tcp_https ipv6@*

apps/haproxy/haproxy.cfg

@@ -48,9 +48,9 @@ frontend f_https
 
     tcp-request inspect-delay 5s
     tcp-request content accept if { req_ssl_hello_type 1 }
+    tcp-request deny unless { req_ssl_sni -i k8s.ooo }
     tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
 
-
     default_backend b_https
 
 backend b_https