ansible/roles/rspamd/templates/rspamd.cfg.j2
genofire c18f53b8ea Add rspamd support.
Postfix uses the Rspamd proxy as spam filtering milter
and HAProxy exposes the Rspamd webinterface through HTTPS.

Updates #10
2020-10-26 23:46:16 +01:00

23 lines
856 B
Django/Jinja
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# {{ ansible_managed }}
frontend front_rspamd
log global
bind /var/run/haproxy/rspamd.https mode 600 user haproxy group haproxy ssl crt /usr/local/etc/haproxy/{{ ansible_fqdn }}.pem alpn h2,http/1.1 accept-proxy
http-request set-src src,ipmask(16,56)
use_backend back_rspamd
backend back_rspamd
server rspamd_controller /rspamd/controller
option forwardfor
http-request add-header X-Forwarded-Proto https
http-request add-header X-Forwarded-Port 443
backend sni_rspamd
mode tcp
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
tcp-response content accept if serverhello
option ssl-hello-chk
server rspamd_https /rspamd.https send-proxy