panda-roux-dev · May 25, 2021 20:22
diff --git a/haproxy.cfg b/haproxy.cfg
 global
        log 127.0.0.1:1312 local0

        # generated 2021-05-25, Mozilla Guideline v5.6, HAProxy 2.3.10, OpenSSL 1.1.1.k-1, modern configuration
        # https://ssl-config.mozilla.org/#server=haproxy&version=2.3.10&config=modern&openssl=1.1.1.k-1&guideline=5.6
        # modern configuration
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
        ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

        maxconn     20000
        user        haproxy
        chroot      /usr/share/haproxy
        pidfile     /run/haproxy.pid
        daemon

 frontend gemini
        bind :1965
        mode tcp
        maxconn 256
        timeout client 10s
        option tcplog
        log global
        log-format "%f->%b %ci:%cp"

        # not sure if/why this is necessary
        tcp-request inspect-delay 5s

        tcp-request content capture req.payload(0,25) len 25

        # search for the string 'panda-roux.dev' in the TCP buffer; how does it read this if it's encrypted??
        acl use_pandaroux req.payload(0,0),hex -m sub 67656D696E692E70616E64612D726F75782E646576

        # search for the string 'inu.red' in the TCP buffer
        acl use_inured req.payload(0,0),hex -m sub 696E752E726564

        use_backend pandaroux if use_pandaroux
        use_backend inured if use_inured

 backend pandaroux
        mode    tcp
        timeout connect 5s
        timeout server 5s
        server  pandaroux ::1:1994

 backend inured
        mode    tcp
        timeout connect 5s
        timeout server 5s
        server  inured ::1:2019
	global
	log 127.0.0.1:1312 local0

	# generated 2021-05-25, Mozilla Guideline v5.6, HAProxy 2.3.10, OpenSSL 1.1.1.k-1, modern configuration
	# https://ssl-config.mozilla.org/#server=haproxy&version=2.3.10&config=modern&openssl=1.1.1.k-1&guideline=5.6
	# modern configuration
	ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
	ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
	ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets

	maxconn 20000
	user haproxy
	chroot /usr/share/haproxy
	pidfile /run/haproxy.pid
	daemon

	frontend gemini
	bind :1965
	mode tcp
	maxconn 256
	timeout client 10s
	option tcplog
	log global
	log-format "%f->%b %ci:%cp"

	# not sure if/why this is necessary
	tcp-request inspect-delay 5s

	tcp-request content capture req.payload(0,25) len 25

	# search for the string 'panda-roux.dev' in the TCP buffer; how does it read this if it's encrypted??
	acl use_pandaroux req.payload(0,0),hex -m sub 67656D696E692E70616E64612D726F75782E646576

	# search for the string 'inu.red' in the TCP buffer
	acl use_inured req.payload(0,0),hex -m sub 696E752E726564

	use_backend pandaroux if use_pandaroux
	use_backend inured if use_inured

	backend pandaroux
	mode tcp
	timeout connect 5s
	timeout server 5s
	server pandaroux ::1:1994

	backend inured
	mode tcp
	timeout connect 5s
	timeout server 5s
	server inured ::1:2019