mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-26 07:57:56 +03:00
HAProxy split trustedProxy into secondary section
mini explanation on when to use trustedProxy instead of tlsOffload
parent
6b4179c20c
commit
494c7da0a7
@ -1,12 +1,10 @@
|
|||||||
# Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
|
# Uses proxy protocol in HAProxy in combination with SNI to preserve the original host address
|
||||||
# Update the config.json to work with HAProxy
|
# Update the config.json to work with HAProxy
|
||||||
|
# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
|
||||||
|
# "tlsOffload": "10.1.1.10",
|
||||||
#
|
#
|
||||||
# Specify the hostname and port that has the public certificate
|
# Specify the HAPRoxy URL with the hostname to get the certificate
|
||||||
# "tlsOffload": "https://mc.publicdomain.com:443",
|
# "certUrl": "https://mc.publicdomain.com:443/"
|
||||||
#
|
|
||||||
# Specify the IP address of the HAProxy instance (this might not be the address that is bound to the listener).
|
|
||||||
# "TrustedProxy": "10.1.1.10",
|
|
||||||
|
|
||||||
|
|
||||||
frontend sni-front
|
frontend sni-front
|
||||||
bind 10.1.1.10:443
|
bind 10.1.1.10:443
|
||||||
@ -38,3 +36,9 @@ backend mc-back-HTTPS
|
|||||||
option http-server-close
|
option http-server-close
|
||||||
server mc-01 10.1.1.30:443 check port 443 verify none
|
server mc-01 10.1.1.30:443 check port 443 verify none
|
||||||
|
|
||||||
|
# In the event that it is required to have TLS between HAProxy and Meshcentral,
|
||||||
|
# Remove the tls_Offload line and replace with trustedProxy
|
||||||
|
# Specify the IP addrehostname that the traffic will come from HAProxy (this might not be the address that is bound to the listener)
|
||||||
|
# "trustedProxy": "10.1.1.10",
|
||||||
|
# and change the last line of backend mc-back-HTTPS to use HTTPS by adding the ssl keyword
|
||||||
|
# server mc-01 10.1.1.30:443 check ssl port 443 verify none
|
||||||
|
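Review bot: The instructions added after the `server mc-01` line in backend mc-back-HTTPS turn on TLS to MeshCentral with `ssl` but keep `verify none`, so the hop is encrypted while HAProxy accepts any certificate the backend presents. If TLS on this hop is required, the example should verify the backend, e.g. `# server mc-01 10.1.1.30:443 check ssl port 443 verify required ca-file <path-to-meshcentral-ca.pem>` (placeholder path), or carry a comment saying that `verify none` gives no authentication of the backend. The same block spells the key `tls_Offload` while the top of the file uses `tlsOffload`, and "addrehostname" appears in both new comment lines; a reader copying these into config.json could end up with a setting that does not match the intended key. It would also help to state next to `"trustedProxy": "10.1.1.10"` that the value should be only the HAProxy source address, since forwarded client-address headers from that address will presumably be trusted.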