Josh Knapp
6cd64295d2
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 52s
Creates two backends per domain: 1. Regular backend - Uses http-server-close for better security and connection management (prevents connection exhaustion attacks) 2. SSE backend - Optimized for Server-Sent Events with: - no option http-server-close (allows long-lived connections) - option http-no-delay (immediate data transmission) - 6-hour timeouts (supports long streaming sessions) Frontend routing logic: - Detects SSE via Accept: text/event-stream header or ?action=stream param - Routes SSE traffic to SSE-optimized backend - Routes regular HTTP traffic to standard secure backend This approach provides full SSE support while maintaining security for regular HTTP traffic (preventing DDoS/connection flooding attacks). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
39 lines
1.8 KiB
Smarty
39 lines
1.8 KiB
Smarty
|
|
# Regular HTTP backend - uses http-server-close for better security and connection management
|
|
backend {{ name }}-backend
|
|
option forwardfor
|
|
# Pass the real client IP to backend (from proxy headers or direct connection)
|
|
# This is crucial for container-level logging and security tools
|
|
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
|
|
http-request set-header X-Real-IP %[var(txn.real_ip)]
|
|
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
|
|
{% if ssl_enabled %}http-request set-header X-Forwarded-Proto https if { ssl_fc }{% endif %}
|
|
|
|
{% for server in servers %}
|
|
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
|
|
{% endfor %}
|
|
|
|
# SSE-specific backend - optimized for Server-Sent Events long-lived connections
|
|
backend {{ name }}-sse-backend
|
|
# Disable http-server-close to allow SSE long-lived connections
|
|
no option http-server-close
|
|
|
|
# Enable http-no-delay for immediate data transmission
|
|
option http-no-delay
|
|
|
|
# Extended timeouts to support SSE long-lived connections (up to 6 hours)
|
|
# Note: SSE sends keepalives every 1 second, so timeout only triggers if backend hangs
|
|
timeout server 6h
|
|
timeout http-keep-alive 6h
|
|
|
|
option forwardfor
|
|
# Pass the real client IP to backend (from proxy headers or direct connection)
|
|
http-request add-header X-CLIENT-IP %[var(txn.real_ip)]
|
|
http-request set-header X-Real-IP %[var(txn.real_ip)]
|
|
http-request set-header X-Forwarded-For %[var(txn.real_ip)]
|
|
{% if ssl_enabled %}http-request set-header X-Forwarded-Proto https if { ssl_fc }{% endif %}
|
|
|
|
{% for server in servers %}
|
|
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
|
|
{% endfor %}
|