diff options
| -rw-r--r-- | frontends/etc/relayd.conf.tpl | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl index 90a0266..a8f834a 100644 --- a/frontends/etc/relayd.conf.tpl +++ b/frontends/etc/relayd.conf.tpl @@ -34,16 +34,22 @@ http protocol "https" { next if $host eq 'blowfish.buetow.org' or $host eq 'fishfinger.buetow.org'; # Skip ipv4/ipv6 subdomains - they use the parent cert as SANs next if $host =~ /^(ipv4|ipv6)\./; - -%> - tls keypair <%= $host %> - <% unless (grep { $_ eq $host } @$f3s_hosts) { -%> - tls keypair standby.<%= $host %> - <% } -%> - <% } -%> - tls keypair <%= $hostname.'.'.$domain -%> - - # Enable WebSocket support - http websockets + -%> + tls keypair <%= $host %> + <% unless (grep { $_ eq $host } @$f3s_hosts) { -%> + tls keypair standby.<%= $host %> + <% } -%> + <% } -%> + tls keypair <%= $hostname.'.'.$domain -%> + + # Enable WebSocket support + http websockets + + # Connection pooling and keepalive for better performance + persist + timeout connect 5s + timeout http_request 10s + timeout http_keepalive 60s match request header set "X-Forwarded-For" value "$REMOTE_ADDR" match request header set "X-Forwarded-Proto" value "https" |