| docu:csheet:syadm:web:server:haproxy_sni [2020/02/18 16:54] – admin | docu:csheet:syadm:web:server:haproxy_sni [2020/05/10 10:55] (current) – admin | ||
|---|---|---|---|
| Line 13: | Line 13: | ||
| defaults | defaults | ||
| - | log 127.0.0.1 | + | log / |
| - | timeout connect | + | timeout connect |
| - | timeout queue | + | timeout client |
| - | timeout tarpit | + | timeout server |
| - | timeout client | + | |
| - | timeout http-request | + | |
| - | timeout http-keep-alive 5000 | + | |
| - | timeout server | + | |
| - | timeout check 7000 | + | |
| option tcplog | option tcplog | ||
| + | option logasap | ||
| mode tcp | mode tcp | ||
| frontend ssl-sni-router | frontend ssl-sni-router | ||
| - | bind *:443 v4v6 | + | bind :::443 v4v6 strict-sni alpn h2,http/1.1 |
| - | + | ||
| tcp-request inspect-delay 5s | tcp-request inspect-delay 5s | ||
| + | |||
| + | # log the ssl sni on the haproxy | ||
| + | tcp-request content capture req.ssl_sni len 24 | ||
| + | log-format " | ||
| + | |||
| tcp-request content accept if { req.ssl_hello_type 1 } | tcp-request content accept if { req.ssl_hello_type 1 } | ||
| - | | + | |
| acl a_somesite req.ssl_sni -i somesite.net | acl a_somesite req.ssl_sni -i somesite.net | ||
| use_backend somesite if a_somesite | use_backend somesite if a_somesite | ||
| - | default_backend | + | default_backend |
| - | backend | + | |
| + | backend | ||
| server def1 127.0.0.1: | server def1 127.0.0.1: | ||
| + | |||
| backend somesite | backend somesite | ||
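Review bot: On the new `bind :::443 v4v6 strict-sni alpn h2,http/1.1` line, `strict-sni` and `alpn` are TLS-termination options, and the visible line carries no `ssl`/`crt`, so in this `mode tcp` pass-through frontend they most likely do nothing. A ClientHello with no SNI or an unlisted name would still be routed to `default_backend`. If refusing those is the intent, it needs an explicit rule ahead of the `accept`, for example `tcp-request content reject if { req.ssl_hello_type 1 } !{ req.ssl_sni -m found }`, and `default_backend` should point only at something meant to receive unknown names. The added `tcp-request content capture req.ssl_sni len 24` cuts hostnames longer than 24 characters in the log, so a larger `len` would keep the entries usable for investigation. The `log-format` value and the backend definitions are truncated or continue outside what is shown here, so they are not reviewed.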