techotaku · December 27, 2024 15:36 · techotaku · Aug 13, 2017
diff --git a/haproxy.cfg b/haproxy.cfg
 defaults
    timeout connect 5s
    timeout client 24h
    timeout server 24h

 global
    log /dev/log local0

 frontend ssl
    log global
    mode tcp
    option tcplog
    option dontlognull
    bind 0.0.0.0:443

    tcp-request inspect-delay 3s
    tcp-request content accept if { req.ssl_hello_type 1 }

    acl tls req.ssl_hello_type 1
    acl has_sni req.ssl_sni -m found

    use_backend ocserv if tls !has_sni
    use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
    use_backend nginx if tls has_sni
    default_backend nginx

 backend ocserv
    mode tcp
    server sslvpn ocserv:443 send-proxy-v2

 backend nginx
    mode tcp
    timeout server 5m
    server webserver nginx:443 send-proxy

 backend shadowsocksr
    mode tcp
    server socks ssr:443
	defaults
	timeout connect 5s
	timeout client 24h
	timeout server 24h

	global
	log /dev/log local0

	frontend ssl
	log global
	mode tcp
	option tcplog
	option dontlognull
	bind 0.0.0.0:443

	tcp-request inspect-delay 3s
	tcp-request content accept if { req.ssl_hello_type 1 }

	acl tls req.ssl_hello_type 1
	acl has_sni req.ssl_sni -m found

	use_backend ocserv if tls !has_sni
	use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
	use_backend nginx if tls has_sni
	default_backend nginx

	backend ocserv
	mode tcp
	server sslvpn ocserv:443 send-proxy-v2

	backend nginx
	mode tcp
	timeout server 5m
	server webserver nginx:443 send-proxy

	backend shadowsocksr
	mode tcp
	server socks ssr:443