ungleich-k8s/apps/haproxy/haproxy.cfg
2021-06-24 20:29:27 +02:00

69 lines
1.5 KiB
INI

global
log stdout format raw local0
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
resolvers mydns
parse-resolv-conf
timeout retry 1s
hold valid 30s
hold nx 3s
hold other 3s
hold obsolete 0s
accepted_payload_size 8192
defaults
retries 3
log global
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
frontend http
bind :80
mode http
option httplog
http-request do-resolve(txn.myip,mydns,ipv6) hdr(Host),lower
# http-request capture var(txn.myip) len 255
use_backend b_503 unless { var(txn.myip) -m found }
default_backend http
# dummy backend
backend b_503
mode http
backend http
mode http
http-request deny unless { hdr(host) -i c2.k8s.ooo }
http-request set-dst var(txn.myip)
server http ipv6@*
# # HTTPs
frontend f_https
bind :443
mode tcp
option tcplog
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
default_backend b_https
backend b_https
mode tcp
tcp-request content set-dst var(txn.myip)
server tcp_https ipv6@*
# tcp-request capture var(txn.myip) len 255
# tcp-request connection deny unless { hdr(host) -i c2.k8s.ooo }
# use_backend b_503 unless { var(txn.myip) -m found }