ansible/roles/rspamd/templates/rspamd.cfg.j2

24 lines
856 B
Plaintext
Raw Normal View History

# {{ ansible_managed }}
frontend front_rspamd
log global
bind /var/run/haproxy/rspamd.https mode 600 user haproxy group haproxy ssl crt /usr/local/etc/haproxy/{{ ansible_fqdn }}.pem alpn h2,http/1.1 accept-proxy
http-request set-src src,ipmask(16,56)
use_backend back_rspamd
backend back_rspamd
server rspamd_controller /rspamd/controller
option forwardfor
http-request add-header X-Forwarded-Proto https
http-request add-header X-Forwarded-Port 443
backend sni_rspamd
mode tcp
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
tcp-response content accept if serverhello
option ssl-hello-chk
server rspamd_https /rspamd.https send-proxy