Skip to main content

Knocknoc server behind HAproxy

Running Knocknoc behind HAproxy could be a great option for people with existing HAproxy deployments, or who want to unify certificate and other management tasks.

Here is a sample HAproxy config for Knocknoc as a backend:

frontend Sol1WebApp-Frontend
  bind 0.0.0.0:443 ssl crt /etc/ssl/private/star.sol1.net alpn h2 crt
  bind 0.0.0.0:80
  mode http
  option forwardfor
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws
  acl hdr_knocknoc hdr(host) -m beg -i knocknoc.sol1.net
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request redirect scheme https unless { ssl_fc }
  use_backend knocknoc if hdr_knocknoc
  default_backend access_denied

backend access_denied
  mode http
  balance roundrobin
  errorfile 403 /var/www/403.http
  
backend knocknoc
  description Knocknoc
  mode http
  balance roundrobin
  option httpchk HEAD / HTTP/1.1\r\nHost:localhost
  option forwardfor
  server knocknoc 127.0.0.1:8756 check ssl verify none