installing firefox sync with HAproxy

Frederic ALIAGA frederic at lee-aliaga.fr
Fri Jan 12 11:46:31 UTC 2018


Hello,

i try for several days to configure HAproxy to make it work with firefoxsync 1.5 (i've tried to find help on irc but people are busy !) to use ssl

I readhttps://github.com/SynoCommunity/spksrc/wiki/Firefox-Sync-Server-1.5#ssl-configuration-with-haproxy
but i don't understand (i'am french and it's really technical for me)
i don't undestand :
Add a new backend: nameffsync, serversync localhost:8132 check
Add a new frontend: namesync, default backendffsyncand copy thebindsandoptionscontent from the https frontend. Change the port to:8133. (Note that this step is needed if you want to be able to access the sync service on the same port internally and externally with an otherwise default setup of HAProxy. Otherwise, you may use thehttpsfrontend, which runs on port 5443 internally.)
Add a new association: frontendsync, backendffsync, conditionif { hdr_beg(HOST) -i sync. }.



below there is my haproxy.cfg, could you give me an example of this file please ? (if i have an example, i just have to change for my case)

tx you very much for you help,
Frederic

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
#https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3

defaults
logglobal
modehttp
optionhttplog
optiondontlognull
timeout connect 5000
timeout client50000
timeout server50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/sync-dev/attachments/20180112/d3859178/attachment.html>


More information about the Sync-dev mailing list