installing firefox sync with HAproxy

Ryan Kelly rfkelly at mozilla.com
Wed Jan 17 20:25:13 UTC 2018


Frederic, thanks for reaching out.  Unfortunately we don't use HAproxy
internally and I'm not aware of anyone on the team with experience running
it, so I can't really offer any advice here.  But I wanted to reply just to
assure you that we're not ignoring you, we just don't have enough
familiarity with that tool to help out :-(


  Cheers,

     Ryan


On 12 January 2018 at 22:46, Frederic ALIAGA <frederic at lee-aliaga.fr> wrote:

> Hello,
>
> I have been trying for several days to configure HAproxy to make it work
> with firefoxsync 1.5 (I've tried to find help on IRC but people are busy!)
> to use SSL.
>
> I read
> https://github.com/SynoCommunity/spksrc/wiki/Firefox-Sync-Server-1.5#ssl-configuration-with-haproxy
> but I don't understand it (I am French and it's really technical for me).
> I don't understand:
>
>    - Add a new backend: name ffsync, server sync localhost:8132 check
>    - Add a new frontend: name sync, default backend ffsync and copy the
>    binds and options content from the https frontend. Change the port to
>    :8133. (Note that this step is needed if you want to be able to access
>    the sync service on the same port internally and externally with an
>    otherwise default setup of HAProxy. Otherwise, you may use the https
>    frontend, which runs on port 5443 internally.)
>    - Add a new association: frontend sync, backend ffsync, condition if {
>    hdr_beg(HOST) -i sync. }.
>
>
> Below is my haproxy.cfg; could you give me an example of this file,
> please? (If I have an example, I just have to change it for my case.)
>
> Thank you very much for your help,
> Frederic
>
> global
>     log /dev/log    local0
>     log /dev/log    local1 notice
>     chroot /var/lib/haproxy
>     stats socket /run/haproxy/admin.sock mode 660 level admin
>     stats timeout 30s
>     user haproxy
>     group haproxy
>     daemon
>
>     # Default SSL material locations
>     ca-base /etc/ssl/certs
>     crt-base /etc/ssl/private
>
>     # Default ciphers to use on SSL-enabled listening sockets.
>     # For more information, see ciphers(1SSL). This list is from:
>     #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
>     ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
>     ssl-default-bind-options no-sslv3
>
> defaults
>     log global
>     mode http
>     option httplog
>     option dontlognull
>     timeout connect 5000
>     timeout client  50000
>     timeout server  50000
>     errorfile 400 /etc/haproxy/errors/400.http
>     errorfile 403 /etc/haproxy/errors/403.http
>     errorfile 408 /etc/haproxy/errors/408.http
>     errorfile 500 /etc/haproxy/errors/500.http
>     errorfile 502 /etc/haproxy/errors/502.http
>     errorfile 503 /etc/haproxy/errors/503.http
>     errorfile 504 /etc/haproxy/errors/504.http
>
>
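
The three wiki steps quoted above, written out as haproxy.cfg sections that would follow the `defaults` section. This is an added example, not part of the original thread or of the SynoCommunity wiki; the certificate file name is a placeholder, and the `bind` options stand in for whatever the existing https frontend uses.

```haproxy
# Added example. The names "sync" and "ffsync", ports 8132/8133 and the
# hdr_beg condition come from the quoted wiki steps; sync.pem is a placeholder.

# Step 2: new frontend "sync", listening on :8133 with TLS.
frontend sync
    mode http
    # TLS terminates here. A relative crt path is resolved under crt-base
    # (/etc/ssl/private in the posted config); the file holds the
    # certificate chain followed by the private key.
    bind :8133 ssl crt sync.pem

    # Tell the sync server the original client address and scheme.
    option forwardfor
    http-request set-header X-Forwarded-Proto https

    # Step 3: the "association". Requests whose Host header begins with
    # "sync." (case-insensitive) are routed to the ffsync backend.
    use_backend ffsync if { hdr_beg(host) -i sync. }

    # Step 2: default backend, used when no use_backend rule matches.
    default_backend ffsync

# Step 1: new backend "ffsync" with one server named "sync".
backend ffsync
    mode http
    # The sync server speaks plain HTTP on loopback only; "check" turns on
    # health checks so HAProxy returns 503 while the server is down.
    server sync localhost:8132 check
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` validates the file before a reload. The sync server's `public_url` setting has to match the external https URL that clients use, otherwise token requests fail.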