haproxy traffic

Unix and Linux Discussions Tagged with haproxy traffic
	Thread / Thread Starter	Last Post	Replies	Views	Forum
	Ha mailserver, is possible active/active with "constant" connection? Linusolaradm1	04-13-2020 by Linusolaradm1	4	7,731	UNIX for Advanced & Expert Users
	Proxy traffic consumption baris35	01-21-2019 by baris35	6	1,305	UNIX for Advanced & Expert Users

LEARN ABOUT DEBIAN

stud

STUD(8) 						    BSD System Manager's Manual 						   STUD(8)

NAME

     stud -- The Scalable TLS Unwrapping Daemon

SYNOPSIS

     stud [--tls] [--ssl] [-c ciphers] [-b host,port] [-f host,port] [-n cores] [-r path] [-u username] [--write-ip] [--write-proxy]
	  certificate.pem

DESCRIPTION

     stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend.	It's designed to handle
     10s of thousands of connections efficiently on multicore machines.

     stud has very few features -- it's designed to be paired with an intelligent backend like haproxy or nginx.  It maintains a strict 1:1 con-
     nection pattern with this backend handler so that the backend can dictate throttling behavior, maxmium connection behavior, availability of
     service, etc.

     The only required argument is a path to a PEM file that contains the certificate (or a chain of certificates) and private key. It should also
     contain DH parameter if you wish to use Diffie-Hellman cipher suites.

     The options are as follows:

     --tls   Use TLSv1 (default).

     --ssl   Use only SSLv3 and no TLSv1.

     -c ciphers
	     Set allowed ciphers using the same format as openssl ciphers.  For example, you can use RSA:!COMPLEMENTOFALL.

     -b host,port
	     Define backend. Default is 127.0.0.1,8000.  Incoming connections will be unwrapped and sent to this IP and port.

     -f host,port
	     Define frontend. Default is *,8443.  Incoming connections will be accepted to this IP and port and will be sent to the backend
	     defined above.

     -n cores
	     Use cores worker processes. Default is 1.

     -r path
	     Chroot to the given path. By default, no chroot is done.

     -u username
	     Set GID/UID after binding the socket. By default, no privilege is dropped.

     --write-ip
	     Write 1 octet with the IP family followed by the IP address in 4 (IPv4) or 16 (IPv6) octets little-endian to backend before the
	     actual data.

     --write-proxy
	     Write HaProxy's PROXY (IPv4 or IPv6) protocol line before actual data.

SEE ALSO

     ciphers(1SSL), dhparam(1SSL), haproxy(1)

AUTHORS

     stud was originally written by Jamie Turner (@jamwt) and is maintained by the Bump server team.  It currently provides server-side TLS termi-
     nation for over 40 million Bump users.

BSD
								September 23, 2011							       BSD