Jake Howard
33fcf1a9e5
Apparently this has been broken since like March... It seems communication over port 8448 is required for server-to-server comms, even if the client doesn't use it.
41 lines
819 B
INI
41 lines
819 B
INI
global
|
|
log /dev/log local0
|
|
log /dev/log local1 notice
|
|
pidfile /run/haproxy.pid
|
|
stats timeout 30s
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
maxconn 10000
|
|
|
|
defaults
|
|
log global
|
|
mode http
|
|
option httplog
|
|
option dontlognull
|
|
|
|
listen https
|
|
bind *:443
|
|
mode tcp
|
|
timeout http-request 10m
|
|
timeout connect 10m
|
|
timeout client 10m
|
|
timeout server 10m
|
|
server default {{ wireguard.clients.ingress.ip }}:8443 send-proxy
|
|
|
|
listen http
|
|
bind *:80
|
|
stats enable
|
|
stats show-node
|
|
stats uri /haproxy
|
|
stats auth stats:{{ haproxy.stats_pass }}
|
|
timeout http-request 10m
|
|
timeout connect 10m
|
|
timeout client 10m
|
|
timeout server 10m
|
|
server default {{ wireguard.clients.ingress.ip }}:880 check
|
|
|
|
listen matrix
|
|
bind *:8448
|
|
mode tcp
|
|
server default {{ wireguard.clients.ingress.ip }}:8443 send-proxy
|