TLS Passthrough with new port listening and RPC filtering

@prtlin wrote:

Hello community!

Running into a problem with configuration for one web app hosted on one of our public IPs. This app receives Http POST information over a port to receive information (8081), and issue commands over the established tls tunnels. (osquery reporting + TLS )

Our design logic is that we set up HA proxy to separate the reporting port vs http login port for admins(8080). Basically hide the admin port from public, and only allow traffic from public with the correct HTTP header to go to the report port, which redirects the traffic to the admin port.

So I am trying to set up this on a server to test with HAProxy. This is the code I have so far for configurations:

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
defaults
log global
mode tcp
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen fleet-canary
bind 0.0.0.0:8081
mode http
timeout connect 4000
timeout client 180000
timeout server 180000
server srv1 :8080

frontend localhost
bind *:8081
option tcplog
mode tcp
default_backend nodes

backend nodes
mode tcp
balance roundrobin
option ssl-hello-chk
server web01 :8080 check

Any help is appreciated. Thanks a bunch

Posts: 1

Participants: 1

Read full topic

TLS Passthrough with new port listening and RPC filtering

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

HANNAH ELIZABETH BYERS Arrested by Clackamas County Sheriff's Office on Jan...

Black Angus Grilled Artichokes

Windows Update / Microsoft Update の接続先 URL について

Family photograph inserted in Facebook by Mahindananda Aluthgamage

Kendal Mcclam

Update: Pro-Rated Mobile Golf Tour (Games)

McLaren MP4-12c GT3 @ Spa. Setup

Miley Cyrus – Something Beautiful – Pre-Single [iTunes Plus M4A]

Process Monitor で OS 起動時のログを採取する手順

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

NOTICE OF INVITATION TO BID FOR PAVING

Ko Droka na Bogi

Bureau of Internal Revenue: Regional Offices (Directory)

Zigi – U Sey Wey Tin ( Throw Back Thursday Hiplife )

Strong column weak beam check as per IS13920

Aoi Teshima – Mori no Chiisana Restaurant – Single [iTunes Plus M4A]

Solved CBSE Sample Papers for Class 9 English Set 1

BICHPOO / PURE BREAD

Best Suvichar in Hindi |बेस्ट सुविचार |शुभ विचार हिंदी में