Skip to content

Commit

Permalink
Add HAProxy example for single port operation
Browse files Browse the repository at this point in the history
The existing example does not highlight SNI as being of importance,
due to "default_backend" being used.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
  • Loading branch information
tacerus committed Dec 25, 2023
1 parent 8a50312 commit 36780dd
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
1 change: 1 addition & 0 deletions changelog.d/16768.doc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add HAProxy example for single port operation to reverse proxy documentation. Contributed by Georg Pfuetzenreuter (@tacerus).
19 changes: 19 additions & 0 deletions docs/reverse_proxy.md
Original file line number Diff line number Diff line change
Expand Up @@ -186,6 +186,25 @@ Example configuration, if using a UNIX socket. The configuration lines regarding
backend matrix
server matrix unix@/run/synapse/main_public.sock
```
Example configuration when using a single port for both, client and federation traffic.
```
frontend https
bind *:443,[::]:443 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-For %[src]
acl matrix-host hdr(host) -i matrix.example.com matrix.example.com:443
acl matrix-sni ssl_fc_sni matrix.example.com
acl matrix-path path_beg /_matrix
acl matrix-path path_beg /_synapse/client
use_backend matrix if matrix-host matrix-path
use_backend matrix if matrix-sni
backend matrix
server matrix 127.0.0.1:8008
```

[Delegation](delegate.md) example:
```
Expand Down

0 comments on commit 36780dd

Please sign in to comment.