https-reverse-proxy/haproxy.yaml at master · labteral/https-reverse-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
---
global:
  daemon:
  maxconn: 10000
  nbthread: 4
  tune.ssl.default-dh-param: 2048
  ssl-server-verify: none
  ssl-default-server-options: no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
  ssl-default-server-ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  ssl-default-server-ciphersuites: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

  # ssl-default-bind-options: force-tlsv13
  # ssl-default-bind-ciphersuites: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

defaults:
  option:
    http-server-close: ""
    forwardfor: ""
    http-pretend-keepalive: ""
  mode: http
  timeout:
    connect: 30s
    client: 2h
    server: 2h