Cavemanon/haproxy-protection
9
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

set ssl verify none on template servers

Browse Source 
make trace for debug plain for no xss and add ms to timestamp
This commit is contained in:
Thomas Lynch
2022-01-02 01:31:21 +11:00
parent 9787471004
commit 52da926ed2
3 changed files with 10 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docker-compose.yml
View File

@@ -19,7 +19,7 @@ services:
- ./haproxy/backends.map:/etc/haproxy/backends.map - ./haproxy/backends.map:/etc/haproxy/backends.map
- ./haproxy/blocked.map:/etc/haproxy/blocked.map - ./haproxy/blocked.map:/etc/haproxy/blocked.map
- ./haproxy/dataplaneapi.hcl:/etc/haproxy/dataplaneapi.hcl - ./haproxy/dataplaneapi.hcl:/etc/haproxy/dataplaneapi.hcl
- ./haproxy/trace.html:/etc/haproxy/trace.html - ./haproxy/trace.txt:/etc/haproxy/trace.txt
- ./src/scripts/:/etc/haproxy/scripts/ - ./src/scripts/:/etc/haproxy/scripts/
- ./src/libs/:/etc/haproxy/libs/ - ./src/libs/:/etc/haproxy/libs/
- ./haproxy/js/:/var/www/js/ - ./haproxy/js/:/var/www/js/
@@ -32,9 +32,9 @@ services:
- BUCKET_DURATION=43200 - BUCKET_DURATION=43200
- BACKEND_NAME=servers - BACKEND_NAME=servers
- SERVER_PREFIX=websrv - SERVER_PREFIX=websrv
nginx: # nginx:
ports: # ports:
- 81:80 # - 81:80
image: "nginx:latest" # image: "nginx:latest"
volumes: # volumes:
- ./nginx:/usr/share/nginx/html # - ./nginx:/usr/share/nginx/html

4
haproxy/haproxy.cfg
View File

@@ -23,7 +23,7 @@ frontend http-in
http-request silent-drop unless is_existing_vhost http-request silent-drop unless is_existing_vhost
#debug only, /cdn-cgi/trace #debug only, /cdn-cgi/trace
#http-request return status 200 content-type "text/html; charset=utf-8" lf-file /etc/haproxy/trace.html if { path /cdn-cgi/trace } #http-request return status 200 content-type "text/plain; charset=utf-8" lf-file /etc/haproxy/trace.txt if { path /cdn-cgi/trace }
# acl for blocked IPs/subnets # acl for blocked IPs/subnets
acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/blocked.map) -m found acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/blocked.map) -m found
@@ -75,7 +75,7 @@ backend servers
http-response cache-store basic_cache if can_cache http-response cache-store basic_cache if can_cache
# placeholder servers, activated by LUA or the control panel # placeholder servers, activated by LUA or the control panel
server-template websrv 1-100 0.0.0.0:80 check disabled server-template websrv 1-100 0.0.0.0:80 check disabled ssl verify none
# use server based on hostname # use server based on hostname
use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE use-server %[req.hdr(host),lower,map(/etc/haproxy/backends.map)] if TRUE

13
haproxy/trace.html → haproxy/trace.txt
View File

@@ -1,12 +1,4 @@
<!DOCTYPE html> ts=%Ts.%ms
<html lang="en">
<head>
<meta charset="utf-8" />
<title>trace</title>
</head>
<body>
<pre>
ts=%Ts
h=%[hdr(host)] h=%[hdr(host)]
ip=%ci ip=%ci
uag=%[req.fhdr(user-agent)] uag=%[req.fhdr(user-agent)]
@@ -16,6 +8,3 @@ tlsv=%sslv
sni=%[ssl_fc_sni] sni=%[ssl_fc_sni]
vey_id=%[env(RAY_ID)] vey_id=%[env(RAY_ID)]
bucket=%[env(BUCKET_DURATION)] bucket=%[env(BUCKET_DURATION)]
</pre>
</body>
</html>