global log stderr local0 maxconn 4096 user proxy group proxy ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ssl-dh-param-file /ssl/dhparam.pem defaults log global option dontlognull retries 3 option redispatch maxconn 2000 timeout connect 5000 timeout client 50000 timeout server 50000 option tcplog frontend fossil-in bind 127.0.0.1:42069 ssl crt /ssl/fossil.se30.xyz.pem mode http acl root_req path / http-response set-header Strict-Transport-Security max-age=63072000 redirect location "https://se30.xyz/" code 301 if root_req default_backend fossilhttp backend fossilhttp mode http server fossil0 127.0.0.1:8080 frontend https-in bind :443 mode tcp tcp-request inspect-delay 2s acl is_ssl req_ssl_ver 2:3.3 acl is_fossil req_ssl_sni -i -m str fossil.se30.xyz tcp-request content accept if is_ssl use_backend fossilprox if is_fossil default_backend httpdssl backend httpdssl mode tcp server nginxssl0 127.0.0.1:4443 send-proxy backend fossilprox mode tcp server prox0 127.0.0.1:42069