genofire
c18f53b8ea
Postfix uses the Rspamd proxy as spam filtering milter and HAProxy exposes the Rspamd webinterface through HTTPS. Updates #10
23 lines
856 B
Django/Jinja
23 lines
856 B
Django/Jinja
# {{ ansible_managed }}
|
||
|
||
frontend front_rspamd
|
||
log global
|
||
bind /var/run/haproxy/rspamd.https mode 600 user haproxy group haproxy ssl crt /usr/local/etc/haproxy/{{ ansible_fqdn }}.pem alpn h2,http/1.1 accept-proxy
|
||
http-request set-src src,ipmask(16,56)
|
||
use_backend back_rspamd
|
||
|
||
backend back_rspamd
|
||
server rspamd_controller /rspamd/controller
|
||
option forwardfor
|
||
http-request add-header X-Forwarded-Proto https
|
||
http-request add-header X-Forwarded-Port 443
|
||
|
||
backend sni_rspamd
|
||
mode tcp
|
||
acl clienthello req_ssl_hello_type 1
|
||
acl serverhello rep_ssl_hello_type 2
|
||
tcp-request inspect-delay 5s
|
||
tcp-request content accept if clienthello
|
||
tcp-response content accept if serverhello
|
||
option ssl-hello-chk
|
||
server rspamd_https /rspamd.https send-proxy
|