ei
/
mtg
mirror of https://github.com/9seconds/mtg
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 48 Wiki Activity
Highly-opinionated (ex-bullshit-free) MTPROTO proxy for Telegram. If you use v1.0 or upgrade broke you proxy, please read the chapter Version 2
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1113 Commits
4 Branches
Tree: fc0ab916bc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fc0ab916bc'
${ noResults }
mtg/contrib/sni-router/Caddyfile

Caddyfile 874B
History Raw

123456789101112131415161718192021222324252627282930 
  1. {

  2. 	# Caddy sits behind HAProxy which passes raw TLS through on :8443.

  3. 	# ACME HTTP-01 challenges arrive on :80 via HAProxy's acl passthrough.

  4. 	http_port 80

  5. 	https_port 8443

  6. 

  7. 	# HAProxy forwards connections to :8443 with a PROXY protocol v2

  8. 	# header (see haproxy.cfg `send-proxy-v2`).  The proxy_protocol

  9. 	# listener wrapper strips the header and exposes the real client IP

  10. 	# to Caddy's access log.  The `tls` wrapper must follow so that TLS

  11. 	# is terminated on the unwrapped connection.

  12. 	#

  13. 	# `allow` lists the networks permitted to send PROXY headers.  These

  14. 	# ranges cover docker compose's default bridge networks; tighten

  15. 	# them if you pin a specific subnet in docker-compose.yml.

  16. 	servers :8443 {

  17. 		listener_wrappers {

  18. 			proxy_protocol {

  19. 				timeout 5s

  20. 				allow 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

  21. 			}

  22. 			tls

  23. 		}

  24. 	}

  25. }

  26. 

  27. {$DOMAIN} {

  28. 	root * /srv

  29. 	file_server

  30. }