From 0bc938873ff3230d68989d38035195a7ba68ce4a Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Mon, 25 Dec 2023 05:29:51 +0100 Subject: [PATCH] Add HAProxy example for single port operation The existing example does not highlight SNI as being of importance, due to "default_backend" being used. Signed-off-by: Georg Pfuetzenreuter --- changelog.d/16768.doc | 1 + docs/reverse_proxy.md | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 changelog.d/16768.doc diff --git a/changelog.d/16768.doc b/changelog.d/16768.doc new file mode 100644 index 00000000000..4f574c2ac67 --- /dev/null +++ b/changelog.d/16768.doc @@ -0,0 +1 @@ +Add HAProxy example for single port operation to reverse proxy documentation. Contributed by Georg Pfuetzenreuter (@tacerus). diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md index de72fbde967..7128af114e9 100644 --- a/docs/reverse_proxy.md +++ b/docs/reverse_proxy.md @@ -186,6 +186,25 @@ Example configuration, if using a UNIX socket. The configuration lines regarding backend matrix server matrix unix@/run/synapse/main_public.sock ``` +Example configuration when using a single port for both client and federation traffic. +``` +frontend https + bind *:443,[::]:443 ssl crt /etc/ssl/haproxy/ strict-sni alpn h2,http/1.1 + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-Forwarded-Proto http if !{ ssl_fc } + http-request set-header X-Forwarded-For %[src] + + acl matrix-host hdr(host) -i matrix.example.com matrix.example.com:443 + acl matrix-sni ssl_fc_sni matrix.example.com + acl matrix-path path_beg /_matrix + acl matrix-path path_beg /_synapse/client + + use_backend matrix if matrix-host matrix-path + use_backend matrix if matrix-sni + +backend matrix + server matrix 127.0.0.1:8008 +``` [Delegation](delegate.md) example: ```
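Review bot: in the docs/reverse_proxy.md hunk, the second routing rule `use_backend matrix if matrix-sni` matches on SNI alone, so it skips the `matrix-path` ACL that the first rule requires. Any request on a TLS connection with SNI matrix.example.com is forwarded to the backend at 127.0.0.1:8008 whatever its path, not only `/_matrix` and `/_synapse/client`. If the path restriction is intended, combine the conditions, for example `use_backend matrix if matrix-sni matrix-path`. If SNI-only routing is deliberate, the sentence introducing the example should say why, since the commit message names SNI as the reason for the example but the added text never explains it. Minor: `http-request set-header X-Forwarded-Proto http if !{ ssl_fc }` cannot match on a frontend whose only bind line is `ssl`, and the introductory sentence runs straight into the opening fence with no blank line between them.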