The "haproxy" Module (v4)
Description
This module allows IRC connections to be made using reverse proxies that implement version 2 of the HAProxy PROXY protocol.
Configuration
To load this module use the following <module> tag:
<module name="haproxy">
<bind>
This module extends the core <bind> tags with the following hook types:
| Name | Description |
|---|---|
| haproxy | Listens for haproxy connections. |
Example Usage
Listens for plaintext haproxy connections on the /run/inspircd/haproxy.sock UNIX socket endpoint:
<bind path="/run/inspircd/haproxy.sock"
...
hook="haproxy">
Listens for plaintext haproxy connections on the 127.0.0.1:29583 endpoint:
<bind address="127.0.0.1"
port="29583"
...
hook="haproxy">
Special Notes
If you are using this module, you must terminate TLS connections at your reverse proxy.
HAProxy does not forward client TLS certificate fingerprints by default, which breaks SASL EXTERNAL. Since v4.11.0 you can configure HAProxy to send a custom TLV containing the TLS fingerprint, using a configuration similar to this:
server inspircd_sha1 <ip>:<port> send-proxy-v2-ssl set-proxy-v2-tlv-fmt(0xe0) "%[ssl_c_der,sha1,hex,lower]"
server inspircd_sha256 <ip>:<port> send-proxy-v2-ssl set-proxy-v2-tlv-fmt(0xe0) "%[ssl_c_der,sha2(256),hex,lower]"
server inspircd_sha512 <ip>:<port> send-proxy-v2-ssl set-proxy-v2-tlv-fmt(0xe0) "%[ssl_c_der,sha2(512),hex,lower]"
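The following added example (Python, not InspIRCd's or HAProxy's own code) parses a PROXY protocol v2 header and pulls out the client address and the 0xe0 fingerprint TLV that the server lines above send. The sample header, addresses and certificate bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"      # fixed 12-byte PROXY v2 signature
ADDR_LEN = {0x1: 12, 0x2: 36, 0x3: 216}     # AF_INET, AF_INET6, AF_UNIX block sizes
TLV_FINGERPRINT = 0xE0                      # custom TLV type from the server lines above

def parse_proxy_v2(data: bytes) -> dict:
    """Parse one PROXY v2 header; return command, source address and TLVs."""
    if len(data) < 16 or data[:12] != SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
        raise ValueError("unsupported version or command")
    body = data[16:16 + length]
    family = fam_proto >> 4
    addr_len = ADDR_LEN.get(family, 0)
    if len(body) < length or length < addr_len:
        raise ValueError("truncated header")
    source = None
    if family in (0x1, 0x2):                # IPv4 or IPv6: src, dst, sport, dport
        size = 4 if family == 0x1 else 16
        src = ipaddress.ip_address(body[:size])
        sport = struct.unpack("!H", body[2 * size:2 * size + 2])[0]
        source = (str(src), sport)
    tlvs, pos = {}, addr_len
    while pos < len(body):                  # TLVs: 1-byte type, 2-byte length, value
        if pos + 3 > len(body):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        if pos + tlv_len > len(body):
            raise ValueError("TLV length overruns header")
        tlvs[tlv_type] = body[pos:pos + tlv_len]
        pos += tlv_len
    return {"command": "PROXY" if ver_cmd & 0x0F else "LOCAL",
            "source": source, "tlvs": tlvs}

def build_sample() -> bytes:
    """Constructed header: TCP/IPv4 client plus a 0xE0 SHA-256 fingerprint TLV."""
    fp = hashlib.sha256(b"constructed client certificate").hexdigest().encode()
    addrs = (ipaddress.ip_address("203.0.113.7").packed +
             ipaddress.ip_address("192.0.2.10").packed + struct.pack("!HH", 51000, 6697))
    body = addrs + struct.pack("!BH", TLV_FINGERPRINT, len(fp)) + fp
    return SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body

if __name__ == "__main__":
    print(parse_proxy_v2(build_sample() + b"NICK example\r\n"))
```

The header is unauthenticated, so whatever address and fingerprint it carries is what the backend sees; the haproxy listener should therefore be reachable only by the proxy, as with the loopback and UNIX socket binds shown above.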