moved haproxy config to /apps

locked haproxy to 10.0.64.22
2026-04-12 22:27:40 +03:00 · 2026-04-12 22:27:40 +03:00 · 9905d1a175
parent 19fabebeac
commit 9905d1a175
2 changed files with 34 additions and 2 deletions
--- a/haproxy/compose.yaml
+++ b/haproxy/compose.yaml
@ -5,11 +5,11 @@ services:
    restart: always
    ports:
      # - 80:80 # 80 is for caddy
-      - 443:443
+      - 10.0.64.22:443:443
      # - 8404:8404
    volumes:
      # - /docker/data/haproxy/etc:/usr/local/etc/haproxy:ro
-      - /docker/data/haproxy/etc/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+      - ./config/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
    networks:
      - default
 networks:
--- a/haproxy/config/haproxy.cfg
+++ b/haproxy/config/haproxy.cfg
@ -0,0 +1,32 @@
+global
+    log /dev/log local0
+    maxconn 10000
+    daemon
+
+defaults
+    log global
+    mode tcp
+    option tcplog
+    timeout connect 5s
+    timeout client  60s
+    timeout server  60s
+
+frontend https_in
+    bind 0.0.0.0:443
+    mode tcp
+
+    # Inspect TLS ClientHello
+    tcp-request inspect-delay 5s
+    tcp-request content accept if { req_ssl_hello_type 1 }
+
+    # Routing by SNI
+    use_backend reality_backend if { req.ssl_sni -i www.wikipedia.org }
+    default_backend caddy_backend
+
+backend caddy_backend
+    mode tcp
+    server caddy caddy:443
+
+backend reality_backend
+    mode tcp
+    server xray 10.0.64.6:443