yangwe1 · October 31, 2019 03:47
diff --git a/haproxy.cfg b/haproxy.cfg
 defaults
    timeout connect 5s
    timeout client 24h
    timeout server 24h

 global
    log /dev/log local0

 frontend ssl
    log global
    mode tcp
    option tcplog
    option dontlognull
    bind 0.0.0.0:443

    tcp-request inspect-delay 3s
    tcp-request content accept if { req.ssl_hello_type 1 }

    acl tls req.ssl_hello_type 1
    acl has_sni req.ssl_sni -m found
    acl ssh_payload payload(0,7) -m bin 5353482d322e30

    use_backend ocserv if tls !has_sni
    use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
    use_backend nginx if tls has_sni
    use_backend openssh if ssh_payload
    use_backend openssh if !tls { req.len 0 }
    default_backend nginx

 backend openssh
    mode tcp
    timeout server 3h
    server openssh your.host.internal.ip:22

 backend ocserv
    mode tcp
    server sslvpn ocserv:443 send-proxy-v2

 backend nginx
    mode tcp
    timeout server 5m
    server webserver nginx:443 send-proxy

 backend shadowsocksr
    mode tcp
    server socks ssr:443
	defaults
	timeout connect 5s
	timeout client 24h
	timeout server 24h

	global
	log /dev/log local0

	frontend ssl
	log global
	mode tcp
	option tcplog
	option dontlognull
	bind 0.0.0.0:443

	tcp-request inspect-delay 3s
	tcp-request content accept if { req.ssl_hello_type 1 }

	acl tls req.ssl_hello_type 1
	acl has_sni req.ssl_sni -m found
	acl ssh_payload payload(0,7) -m bin 5353482d322e30

	use_backend ocserv if tls !has_sni
	use_backend shadowsocksr if tls { req.ssl_sni -i your.tls.obfuscation.domain }
	use_backend nginx if tls has_sni
	use_backend openssh if ssh_payload
	use_backend openssh if !tls { req.len 0 }
	default_backend nginx

	backend openssh
	mode tcp
	timeout server 3h
	server openssh your.host.internal.ip:22

	backend ocserv
	mode tcp
	server sslvpn ocserv:443 send-proxy-v2

	backend nginx
	mode tcp
	timeout server 5m
	server webserver nginx:443 send-proxy

	backend shadowsocksr
	mode tcp
	server socks ssr:443