infrastructure/ansible/roles/gateway/files/haproxy.cfg
Jake Howard 29c9e14f62
Remove haproxy chroot
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00

45 lines
890 B
INI

global
log /dev/log local0
log /dev/log local1 notice
pidfile /run/haproxy.pid
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 10000
defaults
log global
mode http
option httplog
option dontlognull
listen https
bind *:443
mode tcp
timeout http-request 10m
timeout connect 10m
timeout client 10m
timeout server 10m
server default {{ wireguard.clients.intersect.ip }}:443 send-proxy
listen http
bind *:80
stats enable
stats show-node
stats uri /haproxy
stats auth stats:{{ haproxy.stats_pass }}
timeout http-request 10m
timeout connect 10m
timeout client 10m
timeout server 10m
server default {{ wireguard.clients.intersect.ip }}:80 check
{% for port in haproxy.exposed_ports %}
listen expose_{{ port }}
bind *:{{ port }}
mode tcp
server default {{ wireguard.clients.intersect.ip }}:{{ port }}
{% endfor %}