HarlemSquirrel · November 29, 2018 02:27
diff --git a/haproxy.cfg b/haproxy.cfg
 # /etc/haproxy/haproxy.cfg
 global
        maxconn 4096
        user haproxy
        group haproxy
        daemon
        log 127.0.0.1 local0 debug

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        # An alternative list with additional directives can be obtained from
        #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

 defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        option http-server-close
        option forwardfor
        maxconn 2000
        timeout connect 5s
        timeout client  15min
        timeout server  15min

 frontend public
        bind :::80 v4v6 
        bind :::443 v4v6 ssl crt /etc/ssl/snakeoil.pem
        use_backend webcam if { path_beg /webcam/ }
        #reqadd X-Forwarded-Proto:\ https
        default_backend octoprint

 backend octoprint
        reqrep ^([^\ :]*)\ /(.*)     \1\ /\2
        reqadd X-Scheme:\ https if { ssl_fc }
        option forwardfor
        server octoprint1 127.0.0.1:5000

 backend webcam
        reqrep ^([^\ :]*)\ /webcam/(.*)     \1\ /\2
        server webcam1  127.0.0.1:8080
	# /etc/haproxy/haproxy.cfg
	global
	maxconn 4096
	user haproxy
	group haproxy
	daemon
	log 127.0.0.1 local0 debug

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL). This list is from:
	# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
	# An alternative list with additional directives can be obtained from
	# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3

	defaults
	log global
	mode http
	option httplog
	option dontlognull
	retries 3
	option redispatch
	option http-server-close
	option forwardfor
	maxconn 2000
	timeout connect 5s
	timeout client 15min
	timeout server 15min

	frontend public
	bind :::80 v4v6
	bind :::443 v4v6 ssl crt /etc/ssl/snakeoil.pem
	use_backend webcam if { path_beg /webcam/ }
	#reqadd X-Forwarded-Proto:\ https
	default_backend octoprint

	backend octoprint
	reqrep ^([^\ :])\ /(.) \1\ /\2
	reqadd X-Scheme:\ https if { ssl_fc }
	option forwardfor
	server octoprint1 127.0.0.1:5000

	backend webcam
	reqrep ^([^\ :])\ /webcam/(.) \1\ /\2
	server webcam1 127.0.0.1:8080