mirror of https://dev.ccchb.de/ccchb/ansible.git
24 lines
856 B
Plaintext
24 lines
856 B
Plaintext
|
# {{ ansible_managed }}
|
|||
|
|
|||
|
frontend front_rspamd
|
|||
|
log global
|
|||
|
bind /var/run/haproxy/rspamd.https mode 600 user haproxy group haproxy ssl crt /usr/local/etc/haproxy/{{ ansible_fqdn }}.pem alpn h2,http/1.1 accept-proxy
|
|||
|
http-request set-src src,ipmask(16,56)
|
|||
|
use_backend back_rspamd
|
|||
|
|
|||
|
backend back_rspamd
|
|||
|
server rspamd_controller /rspamd/controller
|
|||
|
option forwardfor
|
|||
|
http-request add-header X-Forwarded-Proto https
|
|||
|
http-request add-header X-Forwarded-Port 443
|
|||
|
|
|||
|
backend sni_rspamd
|
|||
|
mode tcp
|
|||
|
acl clienthello req_ssl_hello_type 1
|
|||
|
acl serverhello rep_ssl_hello_type 2
|
|||
|
tcp-request inspect-delay 5s
|
|||
|
tcp-request content accept if clienthello
|
|||
|
tcp-response content accept if serverhello
|
|||
|
option ssl-hello-chk
|
|||
|
server rspamd_https /rspamd.https send-proxy
|