2026-03-12 21:01:38

tiddlywiki/HAProxy - configuration example with HTTP_HTTPS_SSH_VPN.txt

@@ -0,0 +1,54 @@
+-- host IP address is 192.168.0.8
+-- Apache use ports 9080/90443
+-- all HTTP requests on 80 will be redirected to 9080 except flower.databasepro.fr wich will go on 192.168.0.82:80
+-- incoming HTTP 443 requests will be redirected to 9433 except flower.databasepro.fr wich will go on 192.168.0.82:443
+-- incoming SSH requests on 443 port will be redirected to the port 22
+-- incoming OpenVPN requests on 443 port will be redirected to 192.168.0.9:1194
+
+
+frontend in_80
+    bind 192.168.0.8:80
+    default_backend out_80_default
+    # Define hosts
+    acl host_flower hdr(host) -i flower.databasepro.fr
+    # Figure out which one to use
+    use_backend out_80_flower if host_flower
+
+backend out_80_default
+    server sv1 192.168.0.8:9080 maxconn 32
+
+backend out_80_flower
+    server sv1 192.168.0.82:80 maxconn 32
+
+
+frontend in_443
+    bind 192.168.0.8:443
+    mode tcp
+    option tcplog
+    tcp-request inspect-delay 5s
+    tcp-request content accept if HTTP
+    # Define hosts
+    acl host_flower hdr(host) -i flower.databasepro.fr
+    # Figure out which one to use
+    use_backend out_443_flower if { req_ssl_sni -i flower.databasepro.fr }
+    use_backend out_443_https if { req.ssl_hello_type 1 }
+    use_backend out_ssh if  { payload(0,7) -m bin 5353482d322e30 }
+    default_backend openvpn
+
+backend out_443_flower
+    server sv1 192.168.0.82:443
+    mode tcp
+
+
+backend out_443_https
+    server sv1 192.168.0.8:9443
+    mode tcp
+
+backend openvpn
+    mode tcp
+    server openvpn-server 192.168.0.9:1194
+
+backend out_ssh
+    mode tcp
+    timeout server 2h
+    server ssh-local 192.168.0.8:22