extern/docker
1
0
Fork 1
mirror of https://github.com/bigbluebutton/docker.git synced 2025-05-13 03:54:36 +02:00
Code Issues Packages Projects Releases Wiki Activity
develop
docker/mod/haproxy/haproxy.cfg
chandi 8704ec2147 haproxy: correctly identify http traffic
2024-11-29 01:06:58 +01:00

81 lines
2.7 KiB
INI
Raw Permalink Blame History

global
log stdout format raw local0 debug
maxconn 20480
############# IMPORTANT #################################
## DO NOT SET CHROOT OTHERWISE YOU HAVE TO CHANGE THE ##
## acme-http01-webroot.lua file ##
# chroot /jail ##
#########################################################
lua-load /etc/haproxy/acme-http01-webroot.lua
#
# SSL options
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options ssl-min-ver TLSv1.2
tune.ssl.default-dh-param 4096
# workaround for bug #14 (Cert renewal blocks HAProxy indefinitely with Websocket connections)
hard-stop-after 3s
# DNS runt-time resolution on backend hosts
resolvers docker
nameserver dns "127.0.0.11:53"
defaults
log global
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# option forwardfor
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
# never fail on address resolution
default-server init-addr last,libc,none
frontend http
bind *:80,[::]:80
mode http
acl url_acme_http01 path_beg /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
redirect scheme https code 301 if !{ ssl_fc }
frontend nginx_or_turn
bind *:443,:::443 ssl crt /etc/haproxy/certs/ ssl-min-ver TLSv1.2 alpn h2,http/1.1,stun.turn
mode tcp
option tcplog
tcp-request content capture req.payload(0,1) len 1
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq captured_user:%{+X}[capture.req.hdr(0)]"
tcp-request inspect-delay 30s
# We terminate SSL on haproxy. HTTP2 is a binary protocol. haproxy has to
# decide which protocol is spoken. This is negotiated by ALPN.
#
# Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
# ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)
# If no ALPN value is set, the first byte is inspected and depending on the
# value traffic is sent to either port 81 or coturn.
use_backend nginx-http2 if { ssl_fc_alpn h2 }
use_backend nginx if { ssl_fc_alpn http/1.1 }
use_backend turn if { ssl_fc_alpn stun.turn }
use_backend %[capture.req.hdr(0),map_str(/etc/haproxy/protocolmap,turn)]
default_backend turn
backend turn
mode tcp
server localhost 10.7.7.1:3478 check
backend nginx
mode tcp
server localhost 10.7.7.1:48081 send-proxy check
backend nginx-http2
mode tcp
server localhost 10.7.7.1:48082 send-proxy check
Reference in New Issue View Git Blame Copy Permalink