# Process-wide settings.
global
    # turn on stats unix socket
    # NOTE(review): no `mode`, `user`/`group` or `level` is set on this socket, so who
    # can reach it depends on the process umask and the permissions of
    # /var/lib/haproxy. Confirm that only the intended operators have access.
    stats socket /var/lib/haproxy/stats

    # Send logs to stdout in raw format, facility local0.
    log stdout format raw local0
# Resolver section used by the do-resolve rules in both frontends. Every upstream
# address this proxy connects to is taken from answers returned here, so the
# nameservers it ends up using are part of the trust boundary.
resolvers mydns
    # Take the nameserver list from the system resolv.conf.
    parse-resolv-conf

    # Largest DNS payload, in bytes, announced to the nameservers.
    accepted_payload_size 8192

    # Delay between two retries of an unanswered query.
    timeout retry 1s

    # How long the last result is kept, per result status.
    hold valid    30s
    hold nx       3s
    hold other    3s
    hold obsolete 0s
# Settings inherited by the frontends and backends declared after this section.
defaults
    log global
    retries 3

    # Client-side timers. The http-request timer bounds how long a client may take
    # to send a complete request, which limits slow-request connection hogging.
    timeout client          1m
    timeout http-request    10s
    timeout http-keep-alive 10s

    # Server-side timers.
    timeout connect 10s
    timeout server  1m
    timeout queue   1m
    timeout check   10s
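# Plain-HTTP entry point. The requested Host is resolved through the `mydns`
# resolvers and the request is handed to backend `http`, which connects to the
# resolved IPv6 address.
frontend http
    bind :80
    mode http
    option httplog

    # Apply the same Host allow-list as backend `http` before any DNS work, so the
    # resolvers are never queried for names picked by an arbitrary client.
    http-request deny unless { hdr(host) -i c2.k8s.ooo }

    # IPv6 lookup of the lower-cased Host header; the result is stored in txn.myip.
    http-request do-resolve(txn.myip,mydns,ipv6) hdr(Host),lower
    # http-request capture var(txn.myip) len 255

    # txn.myip not set means the lookup produced no address: route the request to
    # the server-less b_503 backend instead of trying to connect anywhere.
    use_backend b_503 unless { var(txn.myip) -m found }

    default_backend http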
# dummy backend
# It declares no server, so a request routed here cannot be forwarded and HAProxy
# answers it with a 503. The http frontend sends requests here when DNS resolution
# left txn.myip unset.
backend b_503
    mode http
# Forwards allowed HTTP requests to the IPv6 address resolved by the frontend.
backend http
    mode http

    # Host allow-list: any Host other than c2.k8s.ooo (case-insensitive) is denied.
    http-request deny unless { hdr(host) -i c2.k8s.ooo }

    # Replace the connection destination with the address held in txn.myip.
    # NOTE(review): the resolved address is used as-is. If the DNS answer for the
    # allowed name could ever point at loopback, link-local or other internal
    # ranges, add a deny on var(txn.myip) ahead of this rule.
    http-request set-dst var(txn.myip)

    # Wildcard IPv6 server: the real destination comes from set-dst above.
    server http ipv6@*
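# # HTTPs
# TLS pass-through entry point. The ClientHello is inspected (nothing is decrypted)
# and the SNI name is resolved to the IPv6 address that backend b_https connects to.
frontend f_https
    bind :443
    mode tcp
    option tcplog

    # Wait up to 5s for the ClientHello to be buffered.
    tcp-request inspect-delay 5s

    # Relay only for the name the HTTP path also allows. Without an SNI allow-list
    # this listener forwards TCP to whatever address a client-supplied name resolves
    # to. Connections with no matching SNI, including non-TLS traffic, are rejected.
    tcp-request content reject unless { req_ssl_sni -i c2.k8s.ooo }

    # The lookup has to come before the accept rule. `accept` is a final action for
    # this rule set, so a do-resolve placed after it is not evaluated once a
    # ClientHello has been seen, and txn.myip would stay unset.
    tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
    tcp-request content accept if { req_ssl_hello_type 1 }

    default_backend b_https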
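# TCP pass-through to the address the frontend resolved from the TLS SNI.
backend b_https
    mode tcp

    # Fail closed when resolution produced no address. Otherwise set-dst has nothing
    # to apply, and the wildcard server below would presumably fall back to the
    # client connection's own destination address (confirm against the HAProxy
    # version in use).
    tcp-request content reject unless { var(txn.myip) -m found }

    # Replace the connection destination with the address held in txn.myip.
    tcp-request content set-dst var(txn.myip)

    # Wildcard IPv6 server: the real destination comes from set-dst above.
    server tcp_https ipv6@*

    # Disabled experiments kept from the original file. In TCP mode the request is
    # still encrypted, so hdr(host) is not available; a TCP-mode allow-list has to
    # match on req_ssl_sni instead. b_503 is an HTTP-mode backend.
    # tcp-request capture var(txn.myip) len 255
    # tcp-request connection deny unless { hdr(host) -i c2.k8s.ooo }
    # use_backend b_503 unless { var(txn.myip) -m found }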